WPCOM Member — Vulnerabilities & Security Advisories 7

All 7 CVE vulnerabilities found in WPCOM Member, with AI-generated Chinese analysis, references, and POCs.

Vendor: whyun

CVE ID	Title	CVSS	Severity	Published
CVE-2025-14002	WPCOM Member <= 1.7.16 - Authentication Bypass via Weak OTP CWE-287	8.1	High	2025-12-16
CVE-2025-11920	WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode CWE-98	8.8	High	2025-11-01
CVE-2025-39570	WordPress WPCOM Member plugin <= 1.7.7 - Local File Inclusion Vulnerability CWE-98	8.8	High	2025-04-16
CVE-2025-2221	WPCOM Member <= 1.7.6 - Unauthenticated Time-Based SQL Injection CWE-89	7.5	High	2025-03-14
CVE-2025-1475	WPCOM Member <= 1.7.5 - Authentication Bypass via 'user_phone' CWE-287	9.8	Critical	2025-03-07
CVE-2024-47378	WordPress WPCOM Member plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79	7.1	High	2024-10-05
CVE-2024-7493	WPCOM Member <= 1.5.2.1 - Unauthenticated Privilege Escalation via User Meta CWE-269	9.8	Critical	2024-09-06

All 7 known CVE vulnerabilities affecting WPCOM Member with full Chinese analysis, references, and POCs where available.