20 matches found
CVE-2019-14328
The CVE-2019-14328 entry covers a CSRF vulnerability in WordPress Simple Membership plugin up to version 3.8.4, affecting the Bulk Operation feature. Technical details in connected docs show an attacker can abuse CSRF to trigger unintended bulk membership changes by convincing a site administrato...
CVE-2022-0328
The CVE concerns the WordPress Simple Membership plugin (
CVE-2022-1724
The CVE-2022-1724 entry concerns the WordPress Simple Membership plugin (versions prior to 4.1.1). The issue is a reflected Cross-Site Scripting vulnerability in which parameters are not properly sanitized/escaped before being echoed in AJAX actions, enabling injection of malicious scripts when a...
CVE-2022-0681
Consolidated details for CVE-2022-0681: The WordPress plugin Simple Membership (pre-4.1.0) does not perform CSRF checks when deleting Transactions, allowing a logged-in admin to delete arbitrary transactions via CSRF. Impact is a CSRF vulnerability enabling unauthorized deletion of transactions b...
CVE-2022-2317
CVE-2022-2317 affects the WordPress plugin Simple Membership (versions before 4.1.3). The root cause is insufficient validation of a user-supplied parameter during registration, allowing an unauthenticated user to elevate membership privileges by manipulating the level_identifier value (as demons...
CVE-2024-3730
CVE-2024-3730 affects the Simple Membership WordPress plugin (versions up to and including 4.4.3). The flaw is a Stored XSS in the swpm_paypal_subscription_cancel_link shortcode due to insufficient input sanitization and output escaping of attributes. Exploitation requires an authenticated user w...
CVE-2022-2273
CVE-2022-2273 affects the WordPress Simple Membership plugin prior to 4.1.3. The root cause is improper validation of the membership_level parameter when editing a profile, which permits a crafted POST request to escalate a member’s privileges to a higher membership level. References indicate a c...
CVE-2022-4469
The CVE-2022-4469 entry concerns the WordPress Simple Membership plugin prior to 4.2.2. The flaw is in the shortcode attribute handling: the plugin does not validate or escape certain attributes before output, enabling Stored XSS. The impact is that a user with as low as Contributor can trigger s...
CVE-2023-41957
CVE-2023-41957 affects WordPress Simple Membership Plugin (
CVE-2023-41956
The CVE-2023-41956 entry concerns WordPress Simple Membership (smp7) with an Improper Authentication flaw that allowed an authenticated user to takeover accounts via the password reset flow. Affected versions are Simple Membership up to 4.3.4; patched in 4.3.5. Reports from NVD/Red Hat/Wordfence ...
CVE-2024-4383
CVE-2024-4383 affects the WordPress plugin Simple Membership. The vulnerability is a Stored Cross-Site Scripting via the plugin’s swpm_paypal_subscription_cancel_link shortcode in all versions up to and including 4.4.5, caused by insufficient input sanitization and output escaping on user-supplie...
CVE-2023-6882
CVE-2023-6882 : The Simple Membership WordPress plugin is vulnerable to a reflected XSS via the environment_mode parameter in all versions up to 4.3.8 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject scripts into pages that run when a use...
CVE-2024-1985
CVE-2024-1985 affects the WordPress plugin Simple Membership . It is a Stored XSS via the Display Name parameter in versions up to 4.4.2, caused by insufficient input sanitization and output escaping. The vulnerability could let an attacker inject scripts that execute when a user loads a page. Ex...
CVE-2024-49682
CVE-2024-49682 is an Open Redirect vulnerability in the WordPress plugin Simple Membership (versions ≤ 4.5.3). The issue allows redirection to untrusted sites, enabling phishing scenarios as described in multiple sources. Public docs consistently name the affected component as the Simple Membersh...
CVE-2017-18499
The CVE-2017-18499 entry affects the WordPress Simple Membership plugin (pre-3.5.7). The root cause is an XSS flaw in the plugin’s handling of client-side data without proper validation, enabling injection of client-side scripts. The impact is cross-site scripting within WordPress sites using thi...
CVE-2024-11088
CVE-2024-11088 affects the WordPress Simple Membership plugin, up to version 4.5.5, enabling sensitive information exposure via WordPress core search. Unauthenticated users could extract data from restricted posts. Remediation: upgrade to a version later than 4.5.5 (fixed in newer releases).
CVE-2024-22308
CVE-2024-22308 affects the WordPress Simple Membership plugin (versions through 4.4.1). The issue is an open redirect vulnerability in the plugin’s redirect mechanism, allowing unauthenticated attackers to redirect users to untrusted sites. Practical impact is open redirects rather than code exec...
CVE-2016-10884
CVE-2016-10884 affects the WordPress Simple Membership plugin prior to 3.3.3, with multiple CSRF vulnerabilities. The Red Hat, CVE databases and WP vulnerability feeds consistently describe CSRF flaws in this plugin version. The root cause is improper CSRF protection allowing unauthorized state-c...
CVE-2023-4719
The CVE-2023-4719 entry concerns the WordPress Simple Membership plugin. A Reflected Cross‑Site Scripting (XSS) flaw exists in versions up to 4.3.5 via the list_type parameter, caused by insufficient input sanitization and output escaping. Unauthenticated attackers could inject scripts into pages...
CVE-2023-50376
Mode C: Affected software is Simple Membership for WordPress (