Lucene search
K
Simple-membership-pluginSimple Membership

20 matches found

CVE
CVE
added 2019/07/28 1:27 p.m.135 views

CVE-2019-14328

The CVE-2019-14328 entry covers a CSRF vulnerability in WordPress Simple Membership plugin up to version 3.8.4, affecting the Bulk Operation feature. Technical details in connected docs show an attacker can abuse CSRF to trigger unintended bulk membership changes by convincing a site administrato...

8.8CVSS8.6AI score0.0315EPSS
CVE
CVE
added 2022/02/28 9:6 a.m.98 views

CVE-2022-0328

The CVE concerns the WordPress Simple Membership plugin (

4.7CVSS4.6AI score0.00464EPSS
Web
CVE
CVE
added 2022/06/13 12:42 p.m.95 views

CVE-2022-1724

The CVE-2022-1724 entry concerns the WordPress Simple Membership plugin (versions prior to 4.1.1). The issue is a reflected Cross-Site Scripting vulnerability in which parameters are not properly sanitized/escaped before being echoed in AJAX actions, enabling injection of malicious scripts when a...

6.1CVSS6AI score0.01693EPSS
Web
CVE
CVE
added 2022/03/21 6:55 p.m.92 views

CVE-2022-0681

Consolidated details for CVE-2022-0681: The WordPress plugin Simple Membership (pre-4.1.0) does not perform CSRF checks when deleting Transactions, allowing a logged-in admin to delete arbitrary transactions via CSRF. Impact is a CSRF vulnerability enabling unauthorized deletion of transactions b...

6.5CVSS6.4AI score0.00523EPSS
Web
CVE
CVE
added 2022/08/01 12:52 p.m.90 views

CVE-2022-2317

CVE-2022-2317 affects the WordPress plugin Simple Membership (versions before 4.1.3). The root cause is insufficient validation of a user-supplied parameter during registration, allowing an unauthenticated user to elevate membership privileges by manipulating the level_identifier value (as demons...

9.8CVSS9.4AI score0.01126EPSS
Web
CVE
CVE
added 2024/04/25 11:0 a.m.74 views

CVE-2024-3730

CVE-2024-3730 affects the Simple Membership WordPress plugin (versions up to and including 4.4.3). The flaw is a Stored XSS in the swpm_paypal_subscription_cancel_link shortcode due to insufficient input sanitization and output escaping of attributes. Exploitation requires an authenticated user w...

5.4CVSS5.7AI score0.0034EPSS
CVE
CVE
added 2022/08/01 12:51 p.m.72 views

CVE-2022-2273

CVE-2022-2273 affects the WordPress Simple Membership plugin prior to 4.1.3. The root cause is improper validation of the membership_level parameter when editing a profile, which permits a crafted POST request to escalate a member’s privileges to a higher membership level. References indicate a c...

8.8CVSS8.7AI score0.00954EPSS
Web
CVE
CVE
added 2023/01/16 3:37 p.m.68 views

CVE-2022-4469

The CVE-2022-4469 entry concerns the WordPress Simple Membership plugin prior to 4.2.2. The flaw is in the shortcode attribute handling: the plugin does not validate or escape certain attributes before output, enabling Stored XSS. The impact is that a user with as low as Contributor can trigger s...

5.4CVSS5.3AI score0.00534EPSS
CVE
CVE
added 2024/05/17 6:56 a.m.68 views

CVE-2023-41957

CVE-2023-41957 affects WordPress Simple Membership Plugin (

9.8CVSS6.8AI score0.00598EPSS
CVE
CVE
added 2024/05/17 6:55 a.m.66 views

CVE-2023-41956

The CVE-2023-41956 entry concerns WordPress Simple Membership (smp7) with an Improper Authentication flaw that allowed an authenticated user to takeover accounts via the password reset flow. Affected versions are Simple Membership up to 4.3.4; patched in 4.3.5. Reports from NVD/Red Hat/Wordfence ...

8.8CVSS6.8AI score0.007EPSS
CVE
CVE
added 2024/05/09 8:3 p.m.65 views

CVE-2024-4383

CVE-2024-4383 affects the WordPress plugin Simple Membership. The vulnerability is a Stored Cross-Site Scripting via the plugin’s swpm_paypal_subscription_cancel_link shortcode in all versions up to and including 4.4.5, caused by insufficient input sanitization and output escaping on user-supplie...

6.4CVSS5.7AI score0.00429EPSS
CVE
CVE
added 2024/01/11 8:32 a.m.61 views

CVE-2023-6882

CVE-2023-6882 : The Simple Membership WordPress plugin is vulnerable to a reflected XSS via the environment_mode parameter in all versions up to 4.3.8 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject scripts into pages that run when a use...

6.1CVSS6.2AI score0.00377EPSS
CVE
CVE
added 2024/03/13 3:27 p.m.58 views

CVE-2024-1985

CVE-2024-1985 affects the WordPress plugin Simple Membership . It is a Stored XSS via the Display Name parameter in versions up to 4.4.2, caused by insufficient input sanitization and output escaping. The vulnerability could let an attacker inject scripts that execute when a user loads a page. Ex...

6.1CVSS5.3AI score0.00867EPSS
CVE
CVE
added 2024/10/24 11:36 a.m.57 views

CVE-2024-49682

CVE-2024-49682 is an Open Redirect vulnerability in the WordPress plugin Simple Membership (versions ≤ 4.5.3). The issue allows redirection to untrusted sites, enabling phishing scenarios as described in multiple sources. Public docs consistently name the affected component as the Simple Membersh...

6.1CVSS5.9AI score0.00251EPSS
CVE
CVE
added 2019/08/12 3:41 p.m.55 views

CVE-2017-18499

The CVE-2017-18499 entry affects the WordPress Simple Membership plugin (pre-3.5.7). The root cause is an XSS flaw in the plugin’s handling of client-side data without proper validation, enabling injection of client-side scripts. The impact is cross-site scripting within WordPress sites using thi...

6.1CVSS6.4AI score0.00916EPSS
CVE
CVE
added 2024/11/21 1:55 p.m.54 views

CVE-2024-11088

CVE-2024-11088 affects the WordPress Simple Membership plugin, up to version 4.5.5, enabling sensitive information exposure via WordPress core search. Unauthenticated users could extract data from restricted posts. Remediation: upgrade to a version later than 4.5.5 (fixed in newer releases).

7.5CVSS5.3AI score0.00619EPSS
CVE
CVE
added 2024/01/24 11:59 a.m.53 views

CVE-2024-22308

CVE-2024-22308 affects the WordPress Simple Membership plugin (versions through 4.4.1). The issue is an open redirect vulnerability in the plugin’s redirect mechanism, allowing unauthenticated attackers to redirect users to untrusted sites. Practical impact is open redirects rather than code exec...

6.1CVSS7AI score0.00281EPSS
CVE
CVE
added 2019/08/14 3:26 p.m.52 views

CVE-2016-10884

CVE-2016-10884 affects the WordPress Simple Membership plugin prior to 3.3.3, with multiple CSRF vulnerabilities. The Red Hat, CVE databases and WP vulnerability feeds consistently describe CSRF flaws in this plugin version. The root cause is improper CSRF protection allowing unauthorized state-c...

8.8CVSS8.8AI score0.00699EPSS
CVE
CVE
added 2023/09/06 1:52 a.m.52 views

CVE-2023-4719

The CVE-2023-4719 entry concerns the WordPress Simple Membership plugin. A Reflected Cross‑Site Scripting (XSS) flaw exists in versions up to 4.3.5 via the list_type parameter, caused by insufficient input sanitization and output escaping. Unauthenticated attackers could inject scripts into pages...

7.2CVSS6.2AI score0.00478EPSS
CVE
CVE
added 2023/12/19 8:27 a.m.29 views

CVE-2023-50376

Mode C: Affected software is Simple Membership for WordPress (

7.1CVSS7.1AI score0.00459EPSS