Simple Membership@* Security Vulnerabilities and Issues — Simple Membership@* CVE List

Lucene search

Simple-membership-pluginSimple Membership*

5 matches found

CVE•added 2022/02/28 9:15 a.m.•82 views

CVE-2022-0328

The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack

4.7CVSS4.6AI score0.00106EPSS

CVE•added 2022/03/21 7:15 p.m.•77 views

CVE-2022-0681

The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack

6.5CVSS6.4AI score0.00132EPSS

CVE•added 2022/08/01 1:15 p.m.•71 views

CVE-2022-2317

The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter.

9.8CVSS9.4AI score0.00854EPSS

CVE•added 2022/06/13 1:15 p.m.•68 views

CVE-2022-1724

The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting

6.1CVSS6AI score0.05887EPSS

CVE•added 2022/08/01 1:15 p.m.•54 views

CVE-2022-2273

The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request.

8.8CVSS8.7AI score0.00628EPSS