WordPress WP-Members Membership Plugin plugin <= 3.5.5.1 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute vulnerability

Authenticated Contributor+ SQL Injection via 'orderby' Shortcode Attribute vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin WP-Members versions = 3.5.5.1...

CVE-2025-14448 WP-Members Membership Plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-57973

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chad Butler WP-Members wp-members allows Stored XSS.This issue affects WP-Members: from n/a through = 3.5.4.2...

CVE-2025-57973

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chad Butler WP-Members wp-members allows Stored XSS.This issue affects WP-Members: from n/a through = 3.5.4.2...

CVE-2025-57973 WordPress WP-Members Plugin <= 3.5.4.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chad Butler WP-Members wp-members allows Stored XSS.This issue affects WP-Members: from n/a through = 3.5.4.2...

WordPress Members Import Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Members Import Type Plugin Vulnerable versions = 1.4.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4663 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID d4d45be3e61f Credits Saeed Alzahrani Required...

WordPress Members List plugin <= 4.3.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Jan w Oleju in WordPress Members List plugin versions = 4.3.0. Solution Update the WordPress Members List plugin to the latest available version at least 4.3.7...

WordPress WP-Members Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress WP-Members plugin version 3.1.8. A remote attacker c...