49 matches found
WordPress WPCOM Member <= 1.7.6 - SQL Injection
WPCOM Member plugin for WordPress up to 1.7.6 contains a time-based SQL Injection caused by insufficient escaping and lack of preparation on the 'userphone' parameter, letting unauthenticated attackers extract sensitive information, exploit requires sending crafted 'userphone' parameter. id:...
CVE-2025-14002
The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in all versions up to, and including, 1.7.16. This is due to weak OTP One-Time Password generation using only 6 numeric digits combined with a 10-minute validity window and no rate limiting on verificatio...
CVE-2025-14002
CVE-2025-14002 — The WPCOM Member plugin for WordPress allows authentication bypass via brute force. Root cause: weak OTP generation (6 digits) with a 10-minute validity and no rate limiting on verification attempts. Impact: unauthenticated attackers can log in as any user (including admins) if t...
CVE-2025-14002 WPCOM Member <= 1.7.16 - Authentication Bypass via Weak OTP
The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in all versions up to, and including, 1.7.16. This is due to weak OTP One-Time Password generation using only 6 numeric digits combined with a 10-minute validity window and no rate limiting on verificatio...
EUVD-2025-203621
The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in all versions up to, and including, 1.7.16. This is due to weak OTP One-Time Password generation using only 6 numeric digits combined with a 10-minute validity window and no rate limiting on verificatio...
WordPress WPCOM Member plugin <= 1.7.16 - Authentication Bypass via Weak OTP vulnerability
Authentication Bypass via Weak OTP vulnerability discovered by wesley wcraft in WordPress Plugin WPCOM Member versions = 1.7.16...
WordPress plugin WPCOM Member 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An authorizatio...
WordPress WPCOM Member plugin <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability
Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin WPCOM Member versions = 1.7.14...
CVE-2025-11920
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-11920
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-11920
CVE-2025-11920 – Local File Inclusion in WPCOM Member plugin for WordPress (versions up to 1.7.14) via the shortcode action parameter. Authenticated attackers with Contributor+ access can include/execute server-side PHP files, enabling code execution in scenarios where PHP files can be uploaded a...
CVE-2025-11920 WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
PT-2025-44697
Name of the Vulnerable Software and Affected Versions WPCOM Member versions prior to 1.7.15 Description The WPCOM Member plugin for WordPress is susceptible to Local File Inclusion. This issue affects versions up to and including 1.7.14 and is triggered through the action parameter within a...
WordPress plugin WPCOM Member 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2024-42414
Malicious code in bioql PyPI...
EUVD-2025-11319
Malicious code in bioql PyPI...
EUVD-2024-48407
Malicious code in bioql PyPI...
CVE-2025-39570
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Lomu WPCOM Member wpcom-member allows PHP Local File Inclusion.This issue affects WPCOM Member: from n/a through = 1.7.7...
CVE-2025-39570
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Lomu WPCOM Member wpcom-member allows PHP Local File Inclusion.This issue affects WPCOM Member: from n/a through = 1.7.7...
CVE-2025-39570 WordPress WPCOM Member plugin <= 1.7.7 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Lomu WPCOM Member wpcom-member allows PHP Local File Inclusion.This issue affects WPCOM Member: from n/a through = 1.7.7...