Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Simple Membership — Vulnerabilities & Security Advisories 24

All 24 CVE vulnerabilities found in Simple Membership, with AI-generated Chinese analysis, references, and POCs.

This page serves as a vulnerability aggregation resource for Simple Membership, a widely used membership management plugin developed by a third-party vendor, specifically focusing on common weakness enumerations such as cross-site scripting and SQL injection. The database compiles historical security incidents and disclosed flaws affecting this software, covering a comprehensive time range from early adopters in 2018 through recent patches in 2024 to ensure users have access to both legacy risks and current threat landscapes. Visitors can utilize this centralized hub to track vendor advisories over time, gain a deeper understanding of specific weakness classes by analyzing their manifestation within this particular product context, and look up the complete vulnerability history to assess the long-term security posture and patch responsiveness of the Simple Membership ecosystem. By aggregating these diverse data points, the page provides a structured overview that helps security professionals and administrators evaluate exposure levels without needing to search multiple disparate sources. This approach supports more informed decision-making regarding updates and remediation strategies, ensuring that stakeholders can quickly identify whether specific past incidents have been adequately addressed or if residual risks remain in deployed versions. The content is strictly factual, omitting speculative analysis to maintain clarity and utility for technical audiences seeking precise historical data on software security defects.

Vendor: Unknown

CVE IDTitleCVSSSeverityPublished
CVE-2026-11855 Simple Membership < 4.7.5 - Unauthenticated Stored XSS via Stripe Webhook API Version --2026-07-06
CVE-2026-12093 Simple Membership <= 4.7.5 - Missing Authorization to Unauthenticated Arbitrary Member Account Deactivation via Forged Stripe 'charge.refunded' Webhook CWE-862 5.3 Medium2026-06-18
CVE-2026-42663 WordPress Simple Membership plugin <= 4.7.2 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2026-06-15
CVE-2026-34886 WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability CWE-862 7.5 High2026-06-15
CVE-2026-1461 Simple Membership <= 4.7.0 - Unauthenticated Improper Handling of Missing Values CWE-230 6.5 Medium2026-02-19
CVE-2026-25308 WordPress Simple Membership plugin <= 4.6.9 - Broken Access Control vulnerability CWE-862 4.3 Medium2026-02-19
CVE-2025-49333 WordPress Simple Membership plugin <= 4.6.3 - Cross Site Scripting (XSS) Vulnerability CWE-79 5.9 Medium2025-06-06
CVE-2024-11088 Simple Membership <= 4.5.5 - Exposure of Private Personal Information to an Unauthorized Actor CWE-200 5.3 Medium2024-11-21
CVE-2024-49682 WordPress Simple Membership plugin <= 4.5.3 - Open Redirection vulnerability CWE-601 4.7 Medium2024-10-24
CVE-2023-41957 WordPress Simple Membership plugin <= 4.3.4 - Unauthenticated Membership Role Privilege Escalation vulnerability CWE-269 8.6 High2024-05-17
CVE-2023-41956 WordPress Simple Membership plugin <= 4.3.4 - Authenticated Account Takeover vulnerability CWE-287 8.8 High2024-05-17
CVE-2024-4383 Simple Membership <= 4.4.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2024-05-09
CVE-2024-3730 Simple Membership <= 4.4.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 5.4 Medium2024-04-25
CVE-2024-1985 Simple Membership <= 4.4.2 - Unauthenticated Stored Self-Based Cross-Site Scripting CWE-79 4.7 Medium2024-03-13
CVE-2024-22308 WordPress Simple Membership Plugin <= 4.4.1 is vulnerable to Open Redirection CWE-601 3.4 Low2024-01-24
CVE-2023-6882 Simple Membership <= 4.3.8 - Reflected Cross-Site Scripting Vulnerability via environment_mode CWE-79 6.1 Medium2024-01-11
CVE-2023-50376 WordPress Simple Membership Plugin <= 4.3.8 is vulnerable to Unauth. Reflected Cross Site Scripting (XSS) CWE-79 7.1 High2023-12-19
CVE-2023-4719 Simple Membership <= 4.3.5 - Reflected Cross-Site Scripting CWE-79 7.2 High2023-09-06
CVE-2022-4469 Simple Membership < 4.2.2 - Contributor+ Stored XSS 5.4 -2023-01-16
CVE-2022-2317 Simple Membership < 4.1.3 - Unauthenticated Membership Privilege Escalation CWE-269 8.8 -2022-08-01
CVE-2022-2273 Simple Membership < 4.1.3 - Membership Privilege Escalation CWE-269 8.8 -2022-08-01
CVE-2022-1724 Simple Membership < 4.1.1 - Reflected Cross-Site Scripting CWE-79 6.1 -2022-06-13
CVE-2022-0681 Simple Membership < 4.1.0 - Arbitrary Transaction Deletion via CSRF CWE-352 6.5 -2022-03-21
CVE-2022-0328 Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF CWE-352 4.3 -2022-02-28

All 24 known CVE vulnerabilities affecting Simple Membership with full Chinese analysis, references, and POCs where available.