| CVE-2026-6203 | User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.1 | 2026-04-13 22:25:54 | Deep Dive |
| CVE-2026-1865 | User Registration & Membership <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[] | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.5 | 2026-04-08 11:16:57 | Deep Dive |
| CVE-2026-24372 | WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability | WP Swings | Subscriptions for WooCommerce | 中危 | - | 2026-03-25 16:14:32 | Deep Dive |
| CVE-2026-4056 | User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.4 | 2026-03-23 23:25:50 | Deep Dive |
| CVE-2026-1926 | Subscriptions for WooCommerce <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation | wpswings | Subscriptions for WooCommerce | Medium | 5.3 | 2026-03-18 03:37:15 | Deep Dive |
| CVE-2026-1492 | User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Critical | 9.8 | 2026-03-03 04:33:21 | Deep Dive |
| CVE-2026-2356 | User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.3 | 2026-02-26 02:23:56 | Deep Dive |
| CVE-2026-1779 | User Registration & Membership <= 5.1.2 - Authentication Bypass | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 8.1 | 2026-02-26 02:23:56 | Deep Dive |
| CVE-2025-68514 | WordPress Paid Member Subscriptions plugin <= 2.16.8 - Insecure Direct Object References (IDOR) vulnerability | Cozmoslabs | Paid Member Subscriptions | - | - | 2026-02-20 15:46:39 | Deep Dive |
| CVE-2026-1994 | s2Member <= 260127 - Unauthenticated Privilege Escalation via Account Takeover | clavaque | s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions | Critical | 9.8 | 2026-02-19 06:49:44 | Deep Dive |
| CVE-2025-13732 | s2Member <= 251005 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | clavaque | s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions | Medium | 6.4 | 2026-02-19 04:36:06 | Deep Dive |
| CVE-2025-14783 | Easy Digital Downloads <= 3.6.2 - Unvalidated Redirect in Password Reset Flow via edd_redirect | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | Medium | 4.3 | 2025-12-31 06:24:43 | Deep Dive |
| CVE-2025-11876 | Mailgun Subscriptions <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | jbrinley | Mailgun Subscriptions | Medium | 6.4 | 2025-12-12 07:20:34 | Deep Dive |
| CVE-2025-12752 | Subscriptions & Memberships for PayPal <= 1.1.7 - Unauthenticated Fake Payment Creation | scottpaterson | Subscriptions & Memberships for PayPal | Medium | 5.3 | 2025-11-22 07:29:20 | Deep Dive |
| CVE-2025-66107 | WordPress Subscriptions & Memberships for PayPal plugin <= 1.1.7 - Broken Access Control vulnerability | Scott Paterson | Subscriptions & Memberships for PayPal | 中危 | - | 2025-11-21 12:30:04 | Deep Dive |
| CVE-2025-11271 | Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | Medium | 5.3 | 2025-11-06 04:36:22 | Deep Dive |
| CVE-2025-11835 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal | cozmoslabs | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | Medium | 5.3 | 2025-11-05 03:27:58 | Deep Dive |
| CVE-2025-9322 | Stripe Payment Forms <= 8.3.1 - Unauthenticated SQL Injection | themeisle | Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions | High | 7.5 | 2025-10-25 06:49:23 | Deep Dive |
| CVE-2025-57963 | WordPress Zoho Billing Plugin <= 4.1 - Cross Site Scripting (XSS) Vulnerability | Zoho Subscriptions | Zoho Billing | Medium | 6.5 | 2025-09-22 18:24:42 | Deep Dive |
| CVE-2025-58600 | WordPress Paid Member Subscriptions Plugin <= 2.15.9 - Broken Access Control Vulnerability | Cozmoslabs | Paid Member Subscriptions | Medium | 5.3 | 2025-09-03 14:36:39 | Deep Dive |