| CVE-2026-2363 | WP-Members Membership Plugin <= 3.5.5.1 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute | cbutlerjr | WP-Members Membership Plugin | Medium | 6.5 | 2026-03-04 06:26:53 | Deep Dive |
| CVE-2026-1492 | User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Critical | 9.8 | 2026-03-03 04:33:21 | Deep Dive |
| CVE-2026-1565 | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Authenticated (Author+) Arbitrary File Upload | wedevs | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration | High | 8.8 | 2026-02-26 19:23:10 | Deep Dive |
| CVE-2026-2356 | User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.3 | 2026-02-26 02:23:56 | Deep Dive |
| CVE-2026-1779 | User Registration & Membership <= 5.1.2 - Authentication Bypass | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 8.1 | 2026-02-26 02:23:56 | Deep Dive |
| CVE-2026-1461 | Simple Membership <= 4.7.0 - Unauthenticated Improper Handling of Missing Values | wpinsider-1 | Simple Membership | Medium | 6.5 | 2026-02-19 09:26:35 | Deep Dive |
| CVE-2026-25308 | WordPress Simple Membership plugin <= 4.6.9 - Broken Access Control vulnerability | wp.insider | Simple Membership | - | - | 2026-02-19 08:26:53 | Deep Dive |
| CVE-2026-1404 | Ultimate Member <= 2.11.1 - Reflected Cross-Site Scripting via Filter Parameters | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.1 | 2026-02-18 14:24:59 | Deep Dive |
| CVE-2026-1304 | Membership Plugin – Restrict Content <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings | stellarwp | Membership Plugin – Restrict Content | Medium | 4.4 | 2026-02-18 05:29:19 | Deep Dive |
| CVE-2025-15147 | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment | wclovers | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace | Medium | 4.3 | 2026-02-09 23:23:28 | Deep Dive |
| CVE-2026-24986 | WordPress Simple Membership WP user Import plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability | wp.insider | Simple Membership WP user Import | - | - | 2026-02-03 14:08:36 | Deep Dive |
| CVE-2025-69292 | WordPress WP Membership plugin <= 1.6.4 - Privilege Escalation vulnerability | e-plugins | WP Membership | - | - | 2026-01-22 16:52:31 | Deep Dive |
| CVE-2025-69193 | WordPress WP Membership plugin <= 1.6.4 - Broken Access Control vulnerability | e-plugins | WP Membership | - | - | 2026-01-22 16:52:31 | Deep Dive |
| CVE-2025-14844 | Membership Plugin – Restrict Content <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure | stellarwp | Membership Plugin – Restrict Content | High | 8.2 | 2026-01-16 09:23:47 | Deep Dive |
| CVE-2025-14448 | WP-Members Membership Plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields | cbutlerjr | WP-Members Membership Plugin | Medium | 5.4 | 2026-01-15 05:24:19 | Deep Dive |
| CVE-2026-0850 | code-projects Intern Membership Management System delete_activity.php sql injection | code-projects | Intern Membership Management System | Medium | 4.7 | 2026-01-11 23:02:06 | Deep Dive |
| CVE-2025-14976 | User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.4 | 2026-01-10 08:22:57 | Deep Dive |
| CVE-2026-0729 | code-projects Intern Membership Management System add_activity.php sql injection | code-projects | Intern Membership Management System | Medium | 4.7 | 2026-01-08 21:32:07 | Deep Dive |
| CVE-2026-0728 | code-projects Intern Membership Management System delete_admin.php sql injection | code-projects | Intern Membership Management System | Medium | 4.7 | 2026-01-08 20:32:08 | Deep Dive |
| CVE-2026-0701 | code-projects Intern Membership Management System add_admin.php sql injection | code-projects | Intern Membership Management System | Medium | 4.7 | 2026-01-08 08:02:06 | Deep Dive |