| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-43240 | WordPress Indeed Ultimate Membership Pro plugin <= 12.7 - Unauthenticated Privilege Escalation vulnerability | azzaroco | Ultimate Membership Pro | Critical | 9.4 | 2024-08-19 17:07:01 | Deep Dive |
| CVE-2024-43241 | WordPress Indeed Ultimate Membership Pro plugin <= 12.7 - Reflected Cross Site Scripting (XSS) vulnerability | azzaroco | Ultimate Membership Pro | High | 7.1 | 2024-08-18 21:27:01 | Deep Dive |
| CVE-2024-7703 | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.37 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload | reputeinfosystems | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Medium | 6.4 | 2024-08-17 11:15:02 | Deep Dive |
| CVE-2024-7649 | Opal Membership <= 1.2.4 - Unauthenticated Stored Cross-Site Scripting | wpopal | Opal Membership | Medium | 6.1 | 2024-08-10 03:23:27 | Deep Dive |
| CVE-2024-7648 | Opal Membership <= 1.2.4 - Authenticated (Subscriber+) Information Disclosure | wpopal | Opal Membership | Medium | 4.3 | 2024-08-10 03:23:26 | Deep Dive |
| CVE-2024-1286 | Paid Memberships Pro - Membership Maps Add On < 0.7 - Contributor+ Sensitive Information Disclosure | Unknown | pmpro-membership-maps | - | - | 2024-07-30 06:00:05 | Deep Dive |
| CVE-2024-37110 | WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Settings & Users Data Dump vulnerability | Membership Software | WishList Member X | High | 7.5 | 2024-07-10 17:58:43 | Deep Dive |
| CVE-2024-37113 | WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Database Backup Download vulnerability | Membership Software | WishList Member X | Critical | 9.8 | 2024-07-10 17:57:19 | Deep Dive |
| CVE-2024-37112 | WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Arbitrary SQL Query Execution vulnerability | Membership Software | WishList Member X | Critical | 10.0 | 2024-07-09 09:07:56 | Deep Dive |
| CVE-2024-37111 | WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Denial of Service Attack vulnerability | Membership Software | WishList Member X | High | 7.5 | 2024-06-24 12:31:19 | Deep Dive |
| CVE-2024-37109 | WordPress WishList Member X plugin < 3.26.7 - Authenticated Arbitrary PHP Code Execution vulnerability | Membership Software | WishList Member X | Critical | 9.9 | 2024-06-24 12:29:27 | Deep Dive |
| CVE-2024-37107 | WordPress WishList Member X plugin < 3.26.7 - Authenticated Privilege Escalation vulnerability | Membership Software | WishList Member X | High | 8.8 | 2024-06-24 12:26:19 | Deep Dive |
| CVE-2024-5596 | ARMember Premium <= 6.7 - Cross-Site Request Forgery via multiple functions | armember | ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Medium | 6.3 | 2024-06-22 05:47:56 | Deep Dive |
| CVE-2024-4742 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.2.5 - Authenticated (Contributor+) SQL Injection | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 6.5 | 2024-06-20 02:08:20 | Deep Dive |
| CVE-2024-2861 | ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-05-23 09:32:33 | Deep Dive |
| CVE-2023-41957 | WordPress Simple Membership plugin <= 4.3.4 - Unauthenticated Membership Role Privilege Escalation vulnerability | smp7, wp.insider | Simple Membership | High | 8.6 | 2024-05-17 06:56:38 | Deep Dive |
| CVE-2023-41956 | WordPress Simple Membership plugin <= 4.3.4 - Authenticated Account Takeover vulnerability | smp7, wp.insider | Simple Membership | High | 8.8 | 2024-05-17 06:55:53 | Deep Dive |
| CVE-2023-41954 | WordPress ProfilePress plugin <= 4.13.1 - Unauthenticated Limited Privilege Escalation vulnerability | ProfilePress Membership Team | ProfilePress | High | 8.6 | 2024-05-17 06:54:22 | Deep Dive |
| CVE-2024-4383 | Simple Membership <= 4.4.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode | wpinsider-1 | Simple Membership | Medium | 6.4 | 2024-05-09 20:03:27 | Deep Dive |
| CVE-2024-2765 | Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.4 | 2024-05-02 16:52:22 | Deep Dive |