| CVE-2026-4949 | ProfilePress <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 4.3 | 2026-04-15 22:26:06 | Deep Dive |
| CVE-2026-5617 | Login as User <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation via 'oclaup_original_admin' Cookie | royalnavneet | Login as User – Switch User & WooCommerce Login as Customer | High | 8.8 | 2026-04-15 07:45:30 | Deep Dive |
| CVE-2026-6203 | User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.1 | 2026-04-13 22:25:54 | Deep Dive |
| CVE-2026-4979 | UsersWP <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter | stiofansisland | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | Medium | 5.0 | 2026-04-11 01:25:00 | Deep Dive |
| CVE-2026-4977 | UsersWP <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter | stiofansisland | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | Medium | 4.3 | 2026-04-10 01:25:01 | Deep Dive |
| CVE-2026-5742 | UsersWP <= 1.2.60 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution | stiofansisland | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | Medium | 6.4 | 2026-04-09 03:25:58 | Deep Dive |
| CVE-2026-1865 | User Registration & Membership <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[] | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.5 | 2026-04-08 11:16:57 | Deep Dive |
| CVE-2026-39605 | WordPress Super Custom Login plugin <= 1.1 - Broken Access Control vulnerability | Obadiah | Super Custom Login | - | - | 2026-04-08 08:30:22 | Deep Dive |
| CVE-2026-5543 | PHPGurukul User Registration & Login and User Management System yesterday-reg-users.php sql injection | PHPGurukul | User Registration & Login and User Management System | Medium | 6.3 | 2026-04-05 04:30:14 | Deep Dive |
| CVE-2026-3309 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.5 | 2026-04-04 11:16:15 | Deep Dive |
| CVE-2026-3445 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment Bypass | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | High | 7.1 | 2026-04-04 08:25:20 | Deep Dive |
| CVE-2025-15064 | Ultimate Member <= 2.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via DOM Gadgets | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2026-04-04 07:41:57 | Deep Dive |
| CVE-2026-4248 | Ultimate Member <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | High | 8.0 | 2026-03-27 22:26:23 | Deep Dive |
| CVE-2026-1917 | Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008 | Drupal | Login Disable | 中危 | - | 2026-03-25 15:20:20 | Deep Dive |
| CVE-2026-4056 | User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.4 | 2026-03-23 23:25:50 | Deep Dive |
| CVE-2026-3453 | ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | High | 8.1 | 2026-03-11 02:22:46 | Deep Dive |
| CVE-2026-26148 | Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability | Microsoft | Microsoft Azure AD SSH Login extension for Linux | High | 8.1 | 2026-03-10 17:05:15 | Deep Dive |
| CVE-2026-2418 | Login with Salesforce <= 1.0.2 - Unauthenticated Authentication Bypass | Unknown | Login with Salesforce | 中危 | - | 2026-03-05 06:00:03 | Deep Dive |
| CVE-2026-1492 | User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Critical | 9.8 | 2026-03-03 04:33:21 | Deep Dive |
| CVE-2026-2628 | All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login <= 2.2.5 - Authentication Bypass | cyberlord92 | All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login | Critical | 9.8 | 2026-03-03 01:21:50 | Deep Dive |