Vulnerability List

CVE ID	Title	Vendor	Product	Severity	CVSS Score	Published At	AI Analysis
CVE-2025-0318	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Medium	5.3	2025-01-18 05:33:49	Deep Dive
CVE-2024-11294	Memberful <= 1.73.9 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure	memberful	Memberful – Membership Plugin	Medium	5.3	2024-12-17 08:22:46	Deep Dive
CVE-2024-10518	ProfilePress < 4.15.15 - Admin+ Stored XSS	Unknown	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content	中危	-	2024-12-12 06:00:18	Deep Dive
CVE-2024-10517	ProfilePress < 4.15.15 - Admin+ Stored XSS	Unknown	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content	中危	-	2024-12-12 06:00:17	Deep Dive
CVE-2024-11008	Members <= 3.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure	supercleanse	Members – Membership & User Role Editor Plugin	Medium	5.3	2024-12-11 10:57:29	Deep Dive
CVE-2024-10681	ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution	reputeinfosystems	ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup	Medium	6.3	2024-12-06 09:23:00	Deep Dive
CVE-2024-11083	ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure	properfraction	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress	Medium	5.3	2024-11-27 05:31:54	Deep Dive
CVE-2024-10528	Ultimate Member <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Medium	4.3	2024-11-21 05:33:49	Deep Dive
CVE-2024-10374	WP-Members <= 3.4.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_loginout Shortcode	cbutlerjr	WP-Members Membership Plugin	Medium	6.4	2024-10-25 11:36:10	Deep Dive
CVE-2024-9231	WP-Members Membership Plugin <= 3.4.9.5 - Reflected Cross-Site Scripting	cbutlerjr	WP-Members Membership Plugin	Medium	6.1	2024-10-22 09:32:10	Deep Dive
CVE-2024-9067	Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Missing Authorization to Arbitrary (Subscriber+) Attachment Deletion	youzify	Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress	Medium	4.3	2024-10-10 02:06:13	Deep Dive
CVE-2024-8987	Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via youzify_media Shortcode	youzify	Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress	Medium	6.4	2024-10-10 02:06:05	Deep Dive
CVE-2024-9242	Memberful – Membership Plugin <= 1.73.7 - Authenticated (contributor+) Stored Cross-Site Scripting	memberful	Memberful – Membership Plugin	Medium	6.4	2024-10-04 05:30:18	Deep Dive
CVE-2024-8519	Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Medium	6.4	2024-10-04 02:32:23	Deep Dive
CVE-2024-8520	Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Medium	5.3	2024-10-04 02:32:22	Deep Dive
CVE-2024-7703	ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.37 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload	reputeinfosystems	ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup	Medium	6.4	2024-08-17 11:15:02	Deep Dive
CVE-2024-5596	ARMember Premium <= 6.7 - Cross-Site Request Forgery via multiple functions	armember	ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup	Medium	6.3	2024-06-22 05:47:56	Deep Dive
CVE-2024-4742	Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.2.5 - Authenticated (Contributor+) SQL Injection	youzify	Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress	Medium	6.5	2024-06-20 02:08:20	Deep Dive
CVE-2024-2861	ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget	properfraction	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress	Medium	6.4	2024-05-23 09:32:33	Deep Dive
CVE-2024-2765	Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Medium	5.4	2024-05-02 16:52:22	Deep Dive

Goal Reached Thanks to every supporter — we hit 100%!

Vulnerability List