Vulnerability List

CVE ID	Title	Vendor	Product	Severity	CVSS Score	Published At	AI Analysis
CVE-2024-4133	ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.30 - Open Redirect	reputeinfosystems	ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup	Medium	6.1	2024-05-02 16:52:18	Deep Dive
CVE-2024-2867	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	properfraction	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress	Medium	6.4	2024-05-02 16:52:05	Deep Dive
CVE-2024-2920	WP-Members Membership Plugin <= 3.4.9.3 - Unprotected Storage of Potentially Sensitive Files	cbutlerjr	WP-Members Membership Plugin	Medium	5.3	2024-04-26 07:28:19	Deep Dive
CVE-2024-3210	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'reg-single-checkbox'	properfraction	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress	Medium	6.4	2024-04-10 05:32:23	Deep Dive
CVE-2024-0899	s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 230815 - Information Exposure	clavaque	s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions	Medium	5.3	2024-04-09 18:59:03	Deep Dive
CVE-2024-1852	WP-Members Membership Plugin <= 3.4.9.2 - Unauthenticated Stored Cross-Site Scripting	cbutlerjr	WP-Members Membership Plugin	High	7.2	2024-04-09 18:58:29	Deep Dive
CVE-2024-27995	WordPress ARMember plugin <= 4.0.23 - Cross Site Scripting (XSS) vulnerability	Repute Infosystems	ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup	Medium	5.9	2024-03-21 15:00:59	Deep Dive
CVE-2024-29138	WordPress Restrict User Access plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability	Joachim Jensen	Restrict User Access – Membership Plugin with Force	High	7.1	2024-03-19 13:40:40	Deep Dive
CVE-2024-1806	ProfilePress <= 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode	properfraction	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress	Medium	6.4	2024-03-13 15:27:17	Deep Dive
CVE-2024-1409	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode	properfraction	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress	Medium	6.4	2024-03-13 15:26:49	Deep Dive
CVE-2024-1535	ProfilePress <= 4.15.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	properfraction	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress	Medium	6.4	2024-03-13 15:26:44	Deep Dive
CVE-2024-1071	WordPress Plugin Ultimate Member 安全漏洞	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Critical	9.8	2024-03-13 15:26:32	Deep Dive
CVE-2024-2123	Ultimate Member <= 2.8.3 - Unauthenticated Stored Cross-Site Scripting	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	High	7.2	2024-03-13 09:35:15	Deep Dive
CVE-2024-1987	WP-Members Membership Plugin <= 3.4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	cbutlerjr	WP-Members Membership Plugin	Medium	6.4	2024-03-08 05:31:47	Deep Dive
CVE-2024-1408	ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via [edit-profile-text-box] shortcode	properfraction	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress	Medium	6.4	2024-02-20 18:56:34	Deep Dive
CVE-2024-1519	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.4 - Unauthenticated Stored Cross-Site Scripting	properfraction	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress	Medium	6.5	2024-02-20 18:56:31	Deep Dive
CVE-2024-1570	ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	properfraction	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress	Medium	6.4	2024-02-20 18:56:30	Deep Dive
CVE-2024-0969	ARMember <= 4.0.24 - Improper Access Control to Sensitive Information Exposure via REST API	reputeinfosystems	ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup	Medium	5.3	2024-02-05 21:22:05	Deep Dive
CVE-2024-1046	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	properfraction	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress	Medium	6.4	2024-02-05 21:21:51	Deep Dive
CVE-2022-45083	WordPress ProfilePress Plugin <= 4.3.2 is vulnerable to PHP Object Injection	ProfilePress Membership Team	Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress	Medium	6.6	2024-01-19 14:37:19	Deep Dive

Goal Reached Thanks to every supporter — we hit 100%!

Vulnerability List