| CVE-2026-6203 | User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.1 | 2026-04-13 22:25:54 | Deep Dive |
| CVE-2026-1865 | User Registration & Membership <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[] | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.5 | 2026-04-08 11:16:57 | Deep Dive |
| CVE-2026-4056 | User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.4 | 2026-03-23 23:25:50 | Deep Dive |
| CVE-2026-1492 | User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Critical | 9.8 | 2026-03-03 04:33:21 | Deep Dive |
| CVE-2026-2356 | User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.3 | 2026-02-26 02:23:56 | Deep Dive |
| CVE-2026-1779 | User Registration & Membership <= 5.1.2 - Authentication Bypass | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 8.1 | 2026-02-26 02:23:56 | Deep Dive |
| CVE-2025-11835 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal | cozmoslabs | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | Medium | 5.3 | 2025-11-05 03:27:58 | Deep Dive |
| CVE-2024-12919 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.7 - Authentication Bypass via pms_payment_id | cozmoslabs | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | Critical | 9.8 | 2025-01-14 09:21:55 | Deep Dive |
| CVE-2024-11291 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.4 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | cozmoslabs | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | Medium | 5.3 | 2024-12-18 11:09:32 | Deep Dive |
| CVE-2024-10261 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution | cozmoslabs | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | High | 7.3 | 2024-11-09 11:19:46 | Deep Dive |
| CVE-2024-37277 | WordPress Paid Memberships Pro plugin <= 3.0.4 - Insecure Direct Object References (IDOR) vulnerability | Paid Memberships Pro | Paid Memberships Pro | High | 7.5 | 2024-11-01 14:18:27 | Deep Dive |
| CVE-2024-9222 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.12.8 - Reflected Cross-Site Scripting | cozmoslabs | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | Medium | 6.1 | 2024-10-02 07:35:28 | Deep Dive |
| CVE-2024-37486 | WordPress Paid Memberships Pro plugin <= 3.0.5 - Authenticated SQL Injection vulnerability | Paid Memberships Pro | Paid Memberships Pro | High | 7.6 | 2024-07-09 09:01:13 | Deep Dive |
| CVE-2023-39990 | WordPress Paid Memberships Pro plugin <= 1.2.3 - Broken Access Control vulnerability | Paid Memberships Pro | Paid Memberships Pro | Medium | 5.4 | 2024-06-19 12:08:57 | Deep Dive |
| CVE-2023-40608 | WordPress Paid Memberships Pro CCBill Gateway plugin <= 0.3 - Unauthenticated Broken Access Control vulnerability | Paid Memberships Pro | Paid Memberships Pro CCBill Gateway | High | 8.2 | 2024-06-19 11:51:47 | Deep Dive |
| CVE-2024-1407 | Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 5.4 | 2024-06-19 06:55:47 | Deep Dive |
| CVE-2024-3215 | Paid Memberships Pro <= 3.0.1 - Cross-Site Request Forgery | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 5.3 | 2024-05-02 16:52:30 | Deep Dive |
| CVE-2024-32793 | WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability | Paid Memberships Pro | Paid Memberships Pro | Medium | 5.4 | 2024-04-24 14:56:56 | Deep Dive |
| CVE-2024-32794 | WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability | Paid Memberships Pro | Paid Memberships Pro | Medium | 4.3 | 2024-04-24 14:55:50 | Deep Dive |
| CVE-2024-0588 | Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 4.3 | 2024-04-09 18:58:55 | Deep Dive |