CVE-2025-13732 s2Member <= 251005 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 's2Eot' shortcode in all versions up to, and including, 251005 due to insufficient input sanitizatio...

CVE-2025-62023

Improper Control of Generation of Code 'Code Injection' vulnerability in Cristián Lávaque s2Member s2member.This issue affects s2Member: from n/a through = 250905...

CVE-2025-32137

Relative Path Traversal vulnerability in Cristián Lávaque s2Member s2member allows Path Traversal.This issue affects s2Member: from n/a through = 250419...

CVE-2025-32137

Relative Path Traversal vulnerability in Cristián Lávaque s2Member s2member allows Path Traversal.This issue affects s2Member: from n/a through = 250419...

CVE-2025-32137

CVE-2025-32137 is a Local File Inclusion via relative path traversal affecting s2Member (versions up to 250419 patched). Root cause: path traversal in s2Member; impact per initial metrics is limited to partial disclosure? The connected Wordfence entry confirms the vulnerability (s2Member

CVE-2025-32137 WordPress s2Member plugin <= 250419 - Local File Inclusion vulnerability

Relative Path Traversal vulnerability in Cristián Lávaque s2Member s2member allows Path Traversal.This issue affects s2Member: from n/a through = 250419...