| CVE-2025-3998 | CodeAstro Membership Management System renew.php sql injection | CodeAstro | Membership Management System | High | 7.3 | 2025-04-28 03:00:06 | Deep Dive |
| CVE-2025-2594 | User Registration & Membership < 4.1.3 - Authentication Bypass | Unknown | User Registration & Membership | 高危 | - | 2025-04-22 06:00:07 | Deep Dive |
| CVE-2025-3278 | UrbanGo Membership <= 1.0.4 - Unauthenticated Privilege Escalation | Edge-Themes | UrbanGo Membership | Critical | 9.8 | 2025-04-19 02:22:34 | Deep Dive |
| CVE-2025-39579 | WordPress Membership For WooCommerce plugin <= 2.8.0 - Cross Site Scripting (XSS) Vulnerability | WP Swings | Membership For WooCommerce | Medium | 6.5 | 2025-04-16 12:44:25 | Deep Dive |
| CVE-2025-2563 | User Registration & Membership < 4.1.2- Unauthenticated Privilege Escalation | Unknown | User Registration & Membership | - | - | 2025-04-14 06:00:10 | Deep Dive |
| CVE-2025-3282 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.3 | 2025-04-12 06:37:18 | Deep Dive |
| CVE-2025-3292 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 4.3 | 2025-04-12 06:37:17 | Deep Dive |
| CVE-2025-1702 | Ultimate Member <= 2.10.0 - Unauthenticated SQL Injection via search Parameter | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | High | 7.5 | 2025-03-05 11:22:09 | Deep Dive |
| CVE-2025-1671 | Academist Membership <= 1.1.6 - Authentication Bypass via Account Takeover | Elated-Themes | Academist Membership | Critical | 9.8 | 2025-03-01 07:24:05 | Deep Dive |
| CVE-2025-1564 | SetSail Membership <= 1.0.3 - Authentication Bypass via Account Takeover | Select-Themes | SetSail Membership | Critical | 9.8 | 2025-03-01 07:24:05 | Deep Dive |
| CVE-2025-1638 | Alloggio Membership <= 1.1 - Authentication Bypass via Social Login Account Takeover | Edge-Themes | Alloggio Membership | Critical | 9.8 | 2025-03-01 07:24:04 | Deep Dive |
| CVE-2025-1511 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.1 | 2025-02-28 05:23:14 | Deep Dive |
| CVE-2024-12276 | Ultimate Member <= 2.9.2 - Authenticated SQL Injection | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2025-02-21 09:21:06 | Deep Dive |
| CVE-2024-13120 | ProfilePress < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2025-02-13 06:00:12 | Deep Dive |
| CVE-2024-13121 | Paid Membership Plugin < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2025-02-13 06:00:12 | Deep Dive |
| CVE-2024-13119 | ProfilePress < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2025-02-13 06:00:06 | Deep Dive |
| CVE-2025-24660 | WordPress Simple Membership Custom Messages Plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability | wp.insider | Simple Membership Custom Messages | High | 7.1 | 2025-02-03 14:22:49 | Deep Dive |
| CVE-2024-11090 | Membership Plugin – Restrict Content <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | stellarwp | Membership Plugin – Restrict Content | Medium | 5.3 | 2025-01-26 06:41:21 | Deep Dive |
| CVE-2024-13370 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license) | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 6.5 | 2025-01-25 07:24:20 | Deep Dive |
| CVE-2024-13368 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 4.3 | 2025-01-25 07:24:17 | Deep Dive |