| CVE-2026-1559 | Youzify <= 1.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 6.4 | 2026-04-18 01:26:05 | Deep Dive |
| CVE-2026-4949 | ProfilePress <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 4.3 | 2026-04-15 22:26:06 | Deep Dive |
| CVE-2026-6203 | User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.1 | 2026-04-13 22:25:54 | Deep Dive |
| CVE-2026-1865 | User Registration & Membership <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[] | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.5 | 2026-04-08 11:16:57 | Deep Dive |
| CVE-2026-3309 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.5 | 2026-04-04 11:16:15 | Deep Dive |
| CVE-2026-3445 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment Bypass | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | High | 7.1 | 2026-04-04 08:25:20 | Deep Dive |
| CVE-2025-15064 | Ultimate Member <= 2.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via DOM Gadgets | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2026-04-04 07:41:57 | Deep Dive |
| CVE-2026-5198 | code-projects Student Membership System Admin Login index.php sql injection | code-projects | Student Membership System | High | 7.3 | 2026-03-31 11:00:14 | Deep Dive |
| CVE-2026-5197 | code-projects Student Membership System delete_user.php sql injection | code-projects | Student Membership System | Medium | 6.3 | 2026-03-31 10:00:16 | Deep Dive |
| CVE-2026-5196 | code-projects Student Membership System delete_member.php sql injection | code-projects | Student Membership System | Medium | 6.3 | 2026-03-31 09:00:15 | Deep Dive |
| CVE-2026-5195 | code-projects Student Membership System User Registration sql injection | code-projects | Student Membership System | High | 7.3 | 2026-03-31 08:15:14 | Deep Dive |
| CVE-2026-5041 | code-projects Chamber of Commerce Membership Management System pageMail.php fwrite command injection | code-projects | Chamber of Commerce Membership Management System | Medium | 4.7 | 2026-03-29 09:45:11 | Deep Dive |
| CVE-2026-4248 | Ultimate Member <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | High | 8.0 | 2026-03-27 22:26:23 | Deep Dive |
| CVE-2026-25357 | WordPress Ultimate Membership Pro plugin <= 13.7 - Account Takeover vulnerability | azzaroco | Ultimate Membership Pro | High | 8.1 | 2026-03-25 16:14:45 | Deep Dive |
| CVE-2026-4056 | User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.4 | 2026-03-23 23:25:50 | Deep Dive |
| CVE-2026-4136 | Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect | stellarwp | Membership Plugin – Restrict Content | Medium | 4.3 | 2026-03-20 03:37:03 | Deep Dive |
| CVE-2026-25445 | WordPress WishList Member X plugin <= 3.29.0 - PHP Object Injection vulnerability | Membership Software | WishList Member X | High | 8.8 | 2026-03-19 08:37:54 | Deep Dive |
| CVE-2026-2233 | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter | wedevs | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration | Medium | 5.3 | 2026-03-15 02:19:15 | Deep Dive |
| CVE-2026-3453 | ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | High | 8.1 | 2026-03-11 02:22:46 | Deep Dive |
| CVE-2026-1321 | Membership Plugin – Restrict Content <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level' | stellarwp | Membership Plugin – Restrict Content | High | 8.1 | 2026-03-05 07:30:56 | Deep Dive |