| CVE-2022-40700 | Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins | Montonio | Montonio for WooCommerce | High | 8.2 | 2024-01-19 14:30:11 | Deep Dive |
| CVE-2023-52200 | WordPress ARMember Plugin <= 4.0.22 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection | Repute Infosystems | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Critical | 9.6 | 2024-01-08 19:18:44 | Deep Dive |
| CVE-2023-6733 | WP-Members Membership Plugin <= 3.4.8 - Missing Authorization to Sensitive Information Exposure | cbutlerjr | WP-Members Membership Plugin | Medium | 6.5 | 2024-01-04 03:30:13 | Deep Dive |
| CVE-2023-47191 | WordPress Youzify Plugin <= 1.2.2 is vulnerable to Insecure Direct Object References (IDOR) | KaineLabs | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 6.5 | 2023-12-21 18:26:53 | Deep Dive |
| CVE-2023-44150 | WordPress ProfilePress Plugin <= 4.13.2 is vulnerable to Sensitive Data Exposure | ProfilePress Membership Team | Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | High | 7.5 | 2023-11-30 14:50:36 | Deep Dive |
| CVE-2023-47668 | WordPress Restrict Content Plugin <= 3.2.7 is vulnerable to Sensitive Data Exposure | StellarWP | Membership Plugin – Restrict Content | Medium | 5.3 | 2023-11-23 00:05:55 | Deep Dive |
| CVE-2023-3996 | ARMember Lite - Membership Plugin <= 4.0.16 - Authenticated (Administrator+) Stored Cross-Site Scripting | reputeinfosystems | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Medium | 4.4 | 2023-10-20 07:29:30 | Deep Dive |
| CVE-2023-3182 | Membership Plugin - Restrict Content < 3.2.3 - Reflected XSS | Unknown | Membership Plugin | 中危 | - | 2023-07-17 13:29:57 | Deep Dive |
| CVE-2023-2869 | WP-Members Membership <= 3.4.7.3 - Missing Authorization to Settings Update | cbutlerjr | WP-Members Membership Plugin | Medium | 4.3 | 2023-07-12 04:38:49 | Deep Dive |
| CVE-2023-3011 | ARMember <= 4.0.5 - Cross-Site Request Forgery | reputeinfosystems | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Medium | 6.5 | 2023-07-12 04:38:44 | Deep Dive |
| CVE-2022-47444 | WordPress ProfilePress Plugin <= 4.4.1 is vulnerable to Cross Site Scripting (XSS) | ProfilePress Membership Team | Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | High | 7.1 | 2023-03-29 12:35:45 | Deep Dive |
| CVE-2022-3383 | Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Remote Code Execution via Multi-Select | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | High | 7.2 | 2022-11-29 20:40:10 | Deep Dive |
| CVE-2022-3384 | Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Limited Remote Code Execution via um_populate_dropdown_options | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | High | 7.2 | 2022-11-29 20:39:57 | Deep Dive |
| CVE-2022-3361 | Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Contributor+) Directory Traversal via Shortcodes | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 4.3 | 2022-11-29 20:39:44 | Deep Dive |
| CVE-2022-1950 | Youzify < 1.2.0 - Unauthenticated SQLi | Unknown | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | 超危 | - | 2022-08-01 12:49:04 | Deep Dive |
| CVE-2022-1903 | ARMember < 3.4.8 - Unauthenticated Admin Account Takeover | Unknown | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | 高危 | - | 2022-06-27 08:58:19 | Deep Dive |
| CVE-2022-1208 | Ultimate Member <= 2.3.2 - Stored Cross-Site Scripting | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2022-06-13 12:43:38 | Deep Dive |
| CVE-2022-1209 | Ultimate Member <= 2.3.1 - Arbitrary Redirect | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 4.3 | 2022-05-10 19:34:42 | Deep Dive |
| CVE-2022-0769 | Users Ultra <= 3.1.0 - Unauthenticated SQL Injection | Unknown | Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin | 超危 | - | 2022-04-25 15:51:08 | Deep Dive |
| CVE-2021-25076 | WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting | Unknown | WP User Frontend – Membership, Profile, Registration & Post Submission Plugin for WordPress | 高危 | - | 2022-01-24 08:01:24 | Deep Dive |