CVE-2025-39570 WordPress WPCOM Member plugin <= 1.7.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Lomu WPCOM Member wpcom-member allows PHP Local File Inclusion.This issue affects WPCOM Member: from n/a through = 1.7.7...

WordPress WPCOM Member Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Software WPCOM Member Type Plugin Vulnerable versions = 1.5.4 Fixed in 1.5.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47378 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5f883b482d88 Credits Muhamad Agil Fachrian Required...

WordPress WPCOM Member Plugin <= 1.5.2.1 is vulnerable to Privilege Escalation

Software WPCOM Member Type Plugin Vulnerable versions = 1.5.2.1 Fixed in 1.5.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-7493 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID db48b9c1d64f Credits wesley...