Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

WP-Members Membership Plugin — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in WP-Members Membership Plugin, with AI-generated Chinese analysis, references, and POCs.

Vendor: cbutlerjr

CVE IDTitleCVSSSeverityPaused
CVE-2026-2363 WP-Members Membership Plugin <= 3.5.5.1 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute CWE-89 6.5 Medium2026-03-04
CVE-2025-14448 WP-Members Membership Plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields CWE-79 5.4 Medium2026-01-15
CVE-2025-12648 WP-Members Membership Plugin <= 3.5.4.4 - Unauthenticated Information Exposure via Unprotected Files CWE-552 5.3 Medium2026-01-07
CVE-2025-9489 WP-Members Membership Plugin <= 3.5.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Profile Names CWE-94 5.0 Medium2025-09-09
CVE-2025-7495 WP-Members <= 3.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-07-22
CVE-2025-4610 WP-Members <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode CWE-79 6.4 Medium2025-05-17
CVE-2024-10374 WP-Members <= 3.4.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_loginout Shortcode CWE-79 6.4 Medium2024-10-25
CVE-2024-9231 WP-Members Membership Plugin <= 3.4.9.5 - Reflected Cross-Site Scripting CWE-79 6.1 Medium2024-10-22
CVE-2024-2920 WP-Members Membership Plugin <= 3.4.9.3 - Unprotected Storage of Potentially Sensitive Files CWE-200 5.3 Medium2024-04-26
CVE-2024-1852 WP-Members Membership Plugin <= 3.4.9.2 - Unauthenticated Stored Cross-Site Scripting CWE-79 7.2 High2024-04-09
CVE-2024-1987 WP-Members Membership Plugin <= 3.4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2024-03-08
CVE-2023-6733 WP-Members Membership Plugin <= 3.4.8 - Missing Authorization to Sensitive Information Exposure CWE-284 6.5 Medium2024-01-04
CVE-2023-2869 WP-Members Membership <= 3.4.7.3 - Missing Authorization to Settings Update CWE-862 4.3 Medium2023-07-12

All 13 known CVE vulnerabilities affecting WP-Members Membership Plugin with full Chinese analysis, references, and POCs where available.