Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

118 matches found

RedhatCVE
RedhatCVEadded 2026/02/20 7:22 a.m.4 views

CVE-2025-13732

The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 's2Eot' shortcode in all versions up to, and including, 251005 due to insufficient input sanitizatio...

6.4CVSS5.7AI score0.00048EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/02/20 7:21 a.m.2 views

CVE-2026-1994

The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS5.7AI score0.00103EPSS
Exploits0References1
Patchstack
Patchstackadded 2026/02/19 8:17 a.m.2 views

WordPress s2Member plugin <= 260127 - Unauthenticated Privilege Escalation via Account Takeover vulnerability

Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by Alyudin Nafiie in WordPress Plugin s2Member versions = 260127...

9.8CVSS5.5AI score0.00103EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2026/02/19 7:17 a.m.4 views

CVE-2025-13732

The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 's2Eot' shortcode in all versions up to, and including, 251005 due to insufficient input sanitizatio...

6.4CVSS0.00048EPSS
Exploits0References5
CVE
CVEadded 2026/02/19 6:49 a.m.11 views

CVE-2026-1994

The CVE concerns the WordPress s2Member plugin (versions up to 260127). The root cause is that the plugin does not properly validate a user’s identity before updating their password, enabling unauthenticated attackers to change arbitrary user passwords, including administrators, via account takeo...

9.8CVSS5.7AI score0.00103EPSS
In wildExploits0References3
Cvelist
Cvelistadded 2026/02/19 6:49 a.m.23 views

CVE-2026-1994 s2Member <= 260127 - Unauthenticated Privilege Escalation via Account Takeover

The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS0.00103EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/02/19 6:49 a.m.1 views

CVE-2026-1994 s2Member <= 260127 - Unauthenticated Privilege Escalation via Account Takeover

The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS5.7AI score0.00103EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/02/19 4:36 a.m.3 views

CVE-2025-13732 s2Member <= 251005 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 's2Eot' shortcode in all versions up to, and including, 251005 due to insufficient input sanitizatio...

6.4CVSS5.7AI score0.00048EPSS
Exploits0References5
CVE
CVEadded 2026/02/19 4:36 a.m.8 views

CVE-2025-13732

CVE-2025-13732 concerns the WordPress plugin s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions (versions through 251005). The issue is a Stored Cross-Site Scripting flaw via the shortcode parameter s2Eot , caused by insufficient input sa...

6.4CVSS5.7AI score0.00048EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/02/19 4:36 a.m.24 views

CVE-2025-13732 s2Member <= 251005 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 's2Eot' shortcode in all versions up to, and including, 251005 due to insufficient input sanitizatio...

6.4CVSS0.00048EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/02/19 12:0 a.m.3 views

PT-2026-20605

Name of the Vulnerable Software and Affected Versions s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress versions through 251005 Description The s2Member plugin for WordPress is susceptible to Stored Cross-Site...

6.4CVSS5.3AI score0.00048EPSS
Exploits0References7
VulnCheck KEV
VulnCheck KEVadded 2026/02/19 12:0 a.m.0 views

VulnCheck KEV: CVE-2026-1994

The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

9.8CVSS5.9AI score0.00103EPSS
In wildExploits0References2
CNNVD
CNNVDadded 2026/02/19 12:0 a.m.3 views

WordPress plugin s2Member 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

9.8CVSS5.8AI score0.00103EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/02/19 12:0 a.m.4 views

WordPress plugin s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

6.4CVSS5.8AI score0.00048EPSS
Exploits0References5
Patchstack
Patchstackadded 2026/02/18 11:2 p.m.3 views

WordPress s2Member plugin <= 251005 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin s2Member versions = 251005...

6.4CVSS5.5AI score0.00048EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2025/12/31 12:0 a.m.5 views

WordPress s2Member - Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin <= 241216 - Reflected Cross-Site Scripting vulnerability

WordPress s2Member - Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin = 241216 - Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin s2Member versions = 241216...

6.1CVSS5.5AI score0.0029EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVEadded 2025/11/07 5:33 p.m.1 views

CVE-2025-58998

Deserialization of Untrusted Data vulnerability in Cristián Lávaque s2Member s2member allows Object Injection.This issue affects s2Member: from n/a through = 250701...

9.8CVSS7AI score0.00101EPSS
Exploits0References1
NVD
NVDadded 2025/11/06 4:16 p.m.1 views

CVE-2025-58998

Deserialization of Untrusted Data vulnerability in Cristián Lávaque s2Member s2member allows Object Injection.This issue affects s2Member: from n/a through = 250701...

9.8CVSS0.00101EPSS
Exploits0References1
EUVD
EUVDadded 2025/11/06 3:54 p.m.1 views

EUVD-2025-38132

Deserialization of Untrusted Data vulnerability in Cristián Lávaque s2Member s2member allows Object Injection.This issue affects s2Member: from n/a through = 250701...

6.5AI score0.00101EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/11/06 3:54 p.m.1 views

CVE-2025-58998 WordPress s2Member Plugin <= 250701 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Cristián Lávaque s2Member s2member allows Object Injection.This issue affects s2Member: from n/a through = 250701...

6.6AI score0.00101EPSS
Exploits0References1
Rows per page
Query Builder