20 vulnerabilities found for WP-Members Membership Plugin by cbutlerjr
CVE-2025-9489 (GCVE-0-2025-9489)
Vulnerability from cvelistv5 – Published: 2025-09-09 04:25 – Updated: 2025-09-09 13:20
Title
WP-Members Membership Plugin <= 3.5.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Profile Names
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before passing it to do_shortcode(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes — that is, any shortcode registered on the site, including those provided by other installed plugins, so the practical impact depends on what else is installed. The record does not name a fixed version; confirm the patched release in the plugin changelog before treating a site as remediated.
Severity (CVSS v3.1 base score)
5 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| cbutlerjr | WP-Members Membership Plugin | all versions ≤ 3.5.4.2 (semver) |
Credits
Kishan Vyas
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T13:19:52.171713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T13:20:10.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.5.4.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kishan Vyas"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T04:25:55.726Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa2035ef-5251-49cc-a480-b6c167b5ef8c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.5.4.2/includes/class-wp-members-shortcodes.php#L69"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.5.4.2/includes/class-wp-members-shortcodes.php#L983"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-15T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-08-27T09:03:20.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-08T16:23:22.000+00:00",
"value": "Disclosed"
}
],
"title": "WP-Members Membership Plugin \u003c= 3.5.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Profile Names"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-9489",
"datePublished": "2025-09-09T04:25:55.726Z",
"dateReserved": "2025-08-26T13:24:23.171Z",
"dateUpdated": "2025-09-09T13:20:10.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7495 (GCVE-0-2025-7495)
Vulnerability from cvelistv5 – Published: 2025-07-22 04:25 – Updated: 2025-07-22 16:32
Title
WP-Members <= 3.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmem_login_link' shortcode in all versions up to, and including, 3.5.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity (CVSS v3.1 base score)
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| cbutlerjr | WP-Members Membership Plugin | all versions ≤ 3.5.4.1 (semver) |
Credits
muhammad yudha
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T16:27:53.546210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T16:32:00.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.5.4.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "muhammad yudha"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027wpmem_login_link\u0027 shortcode in all versions up to, and including, 3.5.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T04:25:07.143Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/942df4bc-2a17-4add-9664-60d77319b93a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.5.4.1/includes/class-wp-members-shortcodes.php#L1092"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.5.4.1/includes/api/api.php#L144"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.5.4.1/includes/vendor/rocketgeek-utilities/includes/utilities.php#L259"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3331571%40wp-members\u0026new=3331571%40wp-members\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-11T16:22:44.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-07-21T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "WP-Members \u003c= 3.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-7495",
"datePublished": "2025-07-22T04:25:07.143Z",
"dateReserved": "2025-07-11T14:49:02.447Z",
"dateUpdated": "2025-07-22T16:32:00.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4610 (GCVE-0-2025-4610)
Vulnerability from cvelistv5 – Published: 2025-05-17 09:22 – Updated: 2025-05-19 20:20
Title
WP-Members <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_user_memberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity (CVSS v3.1 base score)
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| cbutlerjr | WP-Members Membership Plugin | all versions ≤ 3.5.2 (semver) |
Credits
muhammad yudha
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4610",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T20:20:13.819513Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T20:20:29.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.5.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "muhammad yudha"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s wpmem_user_memberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-17T09:22:53.941Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ff96d74-8f20-49a6-bd02-0bfe3498b599?source=cve"
},
{
"url": "https://wordpress.org/plugins/wp-members/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.5.2/includes/class-wp-members-products.php#L115"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.5.2/includes/class-wp-members-products.php#L660"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fwp-members\u0026old=3240295\u0026new_path=%2Fwp-members\u0026new=3293207\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-16T21:04:33.000+00:00",
"value": "Disclosed"
}
],
"title": "WP-Members \u003c= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-4610",
"datePublished": "2025-05-17T09:22:53.941Z",
"dateReserved": "2025-05-12T20:49:19.492Z",
"dateUpdated": "2025-05-19T20:20:29.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10374 (GCVE-0-2024-10374)
Vulnerability from cvelistv5 – Published: 2024-10-25 11:36 – Updated: 2024-10-25 15:16
Title
WP-Members <= 3.4.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_loginout Shortcode
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity (CVSS v3.1 base score)
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| cbutlerjr | WP-Members Membership Plugin | all versions ≤ 3.4.9.5 (semver) |
Credits
Peter Thaleikis
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T15:16:00.476009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T15:16:27.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.4.9.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T11:36:09.533Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5ea93a49-0e1a-4a24-8f6b-03e624f517d4?source=cve"
},
{
"url": "https://wordpress.org/plugins/wp-members/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3172530/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-24T23:18:08.000+00:00",
"value": "Disclosed"
}
],
"title": "WP-Members \u003c= 3.4.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_loginout Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-10374",
"datePublished": "2024-10-25T11:36:09.533Z",
"dateReserved": "2024-10-24T23:17:42.867Z",
"dateUpdated": "2024-10-25T15:16:27.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9231 (GCVE-0-2024-9231)
Vulnerability from cvelistv5 – Published: 2024-10-22 09:32 – Updated: 2024-10-22 13:09
Title
WP-Members Membership Plugin <= 3.4.9.5 - Reflected Cross-Site Scripting
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg() without appropriate escaping on the resulting URL in all versions up to, and including, 3.4.9.5. Because add_query_arg() builds on the current request URI, attacker-controlled URL content can be echoed back into the page unless the result is escaped on output. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a crafted link.
Severity (CVSS v3.1 base score)
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| cbutlerjr | WP-Members Membership Plugin | all versions ≤ 3.4.9.5 (semver) |
Credits
Dale Mavers
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:09:28.260373Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:09:35.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.4.9.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dale Mavers"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T09:32:09.502Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d59e599-59da-4c03-b71f-d00a078b2442?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.4.9.5/includes/class-wp-members.php#L1960"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.4.9.5/includes/class-wp-members-forms.php#L2198"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3172354/wp-members/trunk/includes/class-wp-members-forms.php?contextall=1"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-21T20:55:04.000+00:00",
"value": "Disclosed"
}
],
"title": "WP-Members Membership Plugin \u003c= 3.4.9.5 - Reflected Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9231",
"datePublished": "2024-10-22T09:32:09.502Z",
"dateReserved": "2024-09-26T18:13:41.501Z",
"dateUpdated": "2024-10-22T13:09:35.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2920 (GCVE-0-2024-2920)
Vulnerability from cvelistv5 – Published: 2024-04-26 07:28 – Updated: 2024-08-01 19:25
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user-supplied files to a publicly accessible directory under wp-content without any access restrictions. This makes it possible for unauthenticated attackers to view files uploaded by other users, which may contain sensitive information. Note for remediation: updating the plugin does not necessarily relocate or protect files that were already uploaded to the public directory — verify after upgrading that previously uploaded files are no longer directly reachable.
Severity (CVSS v3.1 base score)
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| cbutlerjr | WP-Members Membership Plugin | all versions ≤ 3.4.9.3 (semver) |
Credits
Tim Coen
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-26T13:13:55.475701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:29:59.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:42.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4319fa2e-8826-4100-9156-cbe80582367e?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3074215%40wp-members\u0026new=3074215%40wp-members\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.4.9.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tim Coen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it possible for unauthenticated attackers to view files uploaded by other users which may contain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-200 Information Exposure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T07:28:19.271Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4319fa2e-8826-4100-9156-cbe80582367e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3074215%40wp-members\u0026new=3074215%40wp-members\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-25T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2920",
"datePublished": "2024-04-26T07:28:19.271Z",
"dateReserved": "2024-03-26T14:57:13.649Z",
"dateUpdated": "2024-08-01T19:25:42.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1852 (GCVE-0-2024-1852)
Vulnerability from cvelistv5 – Published: 2024-04-09 18:58 – Updated: 2024-08-01 18:56
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For request header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. Because the header is attacker-controlled on any request, unauthenticated attackers can inject arbitrary web scripts that execute when a privileged user views the injected data — here, the admin Edit Users page — which is why this is scored higher than the plugin's contributor-level shortcode XSS issues. This vulnerability was partially patched in version 3.4.9.2 and fully patched in 3.4.9.3; sites on 3.4.9.2 should still be treated as affected.
Severity (CVSS v3.1 base score)
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| cbutlerjr | WP-Members Membership Plugin | all versions ≤ 3.4.9.2 (semver) |
Credits
Craig Smith
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:30:48.967137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:01:31.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/033069d2-8e0f-4c67-b18c-fdd471d85f87?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/vendor/rocketgeek-utilities/includes/utilities.php#L168"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/class-wp-members-user.php#L524"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/class-wp-members-user-profile.php#L566"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.4.9.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Craig Smith"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page which is the edit users page. This vulnerability was partially patched in version 3.4.9.2, and was fully patched in 3.4.9.3."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T18:58:29.359Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/033069d2-8e0f-4c67-b18c-fdd471d85f87?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/vendor/rocketgeek-utilities/includes/utilities.php#L168"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/class-wp-members-user.php#L524"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/class-wp-members-user-profile.php#L566"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-01T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-1852",
"datePublished": "2024-04-09T18:58:29.359Z",
"dateReserved": "2024-02-23T17:25:40.290Z",
"dateUpdated": "2024-08-01T18:56:22.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1987 (GCVE-0-2024-1987)
Vulnerability from cvelistv5 – Published: 2024-03-08 05:31 – Updated: 2024-08-01 18:56
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity (CVSS v3.1 base score)
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| cbutlerjr | WP-Members Membership Plugin | all versions ≤ 3.4.9.1 (semver) |
Credits
Sh
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1987",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T13:16:40.786233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:00:12.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/631e1061-50b1-4df2-b876-37b4cd3e2478?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3047285%40wp-members%2Ftrunk\u0026old=3025452%40wp-members%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.4.9.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-08T05:31:47.330Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/631e1061-50b1-4df2-b876-37b4cd3e2478?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3047285%40wp-members%2Ftrunk\u0026old=3025452%40wp-members%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file5"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-07T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-1987",
"datePublished": "2024-03-08T05:31:47.330Z",
"dateReserved": "2024-02-28T19:16:22.624Z",
"dateUpdated": "2024-08-01T18:56:22.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6733 (GCVE-0-2023-6733)
Vulnerability from cvelistv5 – Published: 2024-01-04 03:30 – Updated: 2025-06-17 20:29
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more.
Severity ?
6.5 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| cbutlerjr | WP-Members Membership Plugin | Affected: *, ≤ 3.4.8 (semver) |
Credits
Francesco Carlucci
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/46c61f38-553e-43b2-a666-b160db40e66d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3015224%40wp-members%2Ftrunk\u0026old=2920897%40wp-members%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6733",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-04T14:48:46.190136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:29:11.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.4.8",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284 Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-04T03:30:12.554Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/46c61f38-553e-43b2-a666-b160db40e66d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3015224%40wp-members%2Ftrunk\u0026old=2920897%40wp-members%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-03T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6733",
"datePublished": "2024-01-04T03:30:12.554Z",
"dateReserved": "2023-12-12T15:18:41.225Z",
"dateUpdated": "2025-06-17T20:29:11.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2869 (GCVE-0-2023-2869)
Vulnerability from cvelistv5 – Published: 2023-07-12 04:38 – Updated: 2024-10-23 14:48
Summary
The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| cbutlerjr | WP-Members Membership Plugin | Affected: *, ≤ 3.4.7.3 (semver) |
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf05a79a-0375-4c9d-bbf0-a87484327b87?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php?rev=2895180#L799"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2920897/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2869",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:44:42.769756Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:48:54.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.4.7.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T04:38:48.717Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf05a79a-0375-4c9d-bbf0-a87484327b87?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php?rev=2895180#L799"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2920897/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-24T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-06-08T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-2869",
"datePublished": "2023-07-12T04:38:48.717Z",
"dateReserved": "2023-05-24T16:34:43.226Z",
"dateUpdated": "2024-10-23T14:48:54.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9489 (GCVE-0-2025-9489)
Vulnerability from nvd – Published: 2025-09-09 04:25 – Updated: 2025-09-09 13:20
Title
WP-Members Membership Plugin <= 3.5.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Profile Names
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
Severity ?
5 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| cbutlerjr | WP-Members Membership Plugin | Affected: *, ≤ 3.5.4.2 (semver) |
Credits
Kishan Vyas
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T13:19:52.171713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T13:20:10.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.5.4.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kishan Vyas"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T04:25:55.726Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa2035ef-5251-49cc-a480-b6c167b5ef8c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.5.4.2/includes/class-wp-members-shortcodes.php#L69"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.5.4.2/includes/class-wp-members-shortcodes.php#L983"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-15T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-08-27T09:03:20.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-08T16:23:22.000+00:00",
"value": "Disclosed"
}
],
"title": "WP-Members Membership Plugin \u003c= 3.5.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Profile Names"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-9489",
"datePublished": "2025-09-09T04:25:55.726Z",
"dateReserved": "2025-08-26T13:24:23.171Z",
"dateUpdated": "2025-09-09T13:20:10.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7495 (GCVE-0-2025-7495)
Vulnerability from nvd – Published: 2025-07-22 04:25 – Updated: 2025-07-22 16:32
Title
WP-Members <= 3.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmem_login_link' shortcode in all versions up to, and including, 3.5.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| cbutlerjr | WP-Members Membership Plugin | Affected: *, ≤ 3.5.4.1 (semver) |
Credits
muhammad yudha
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T16:27:53.546210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T16:32:00.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.5.4.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "muhammad yudha"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027wpmem_login_link\u0027 shortcode in all versions up to, and including, 3.5.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T04:25:07.143Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/942df4bc-2a17-4add-9664-60d77319b93a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.5.4.1/includes/class-wp-members-shortcodes.php#L1092"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.5.4.1/includes/api/api.php#L144"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.5.4.1/includes/vendor/rocketgeek-utilities/includes/utilities.php#L259"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3331571%40wp-members\u0026new=3331571%40wp-members\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-11T16:22:44.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-07-21T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "WP-Members \u003c= 3.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-7495",
"datePublished": "2025-07-22T04:25:07.143Z",
"dateReserved": "2025-07-11T14:49:02.447Z",
"dateUpdated": "2025-07-22T16:32:00.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4610 (GCVE-0-2025-4610)
Vulnerability from nvd – Published: 2025-05-17 09:22 – Updated: 2025-05-19 20:20
Title
WP-Members <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_user_memberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| cbutlerjr | WP-Members Membership Plugin | Affected: *, ≤ 3.5.2 (semver) |
Credits
muhammad yudha
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4610",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T20:20:13.819513Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T20:20:29.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.5.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "muhammad yudha"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s wpmem_user_memberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-17T09:22:53.941Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ff96d74-8f20-49a6-bd02-0bfe3498b599?source=cve"
},
{
"url": "https://wordpress.org/plugins/wp-members/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.5.2/includes/class-wp-members-products.php#L115"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.5.2/includes/class-wp-members-products.php#L660"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fwp-members\u0026old=3240295\u0026new_path=%2Fwp-members\u0026new=3293207\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-16T21:04:33.000+00:00",
"value": "Disclosed"
}
],
"title": "WP-Members \u003c= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-4610",
"datePublished": "2025-05-17T09:22:53.941Z",
"dateReserved": "2025-05-12T20:49:19.492Z",
"dateUpdated": "2025-05-19T20:20:29.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10374 (GCVE-0-2024-10374)
Vulnerability from nvd – Published: 2024-10-25 11:36 – Updated: 2024-10-25 15:16
Title
WP-Members <= 3.4.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_loginout Shortcode
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| cbutlerjr | WP-Members Membership Plugin | Affected: *, ≤ 3.4.9.5 (semver) |
Credits
Peter Thaleikis
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T15:16:00.476009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T15:16:27.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.4.9.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T11:36:09.533Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5ea93a49-0e1a-4a24-8f6b-03e624f517d4?source=cve"
},
{
"url": "https://wordpress.org/plugins/wp-members/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3172530/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-24T23:18:08.000+00:00",
"value": "Disclosed"
}
],
"title": "WP-Members \u003c= 3.4.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_loginout Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-10374",
"datePublished": "2024-10-25T11:36:09.533Z",
"dateReserved": "2024-10-24T23:17:42.867Z",
"dateUpdated": "2024-10-25T15:16:27.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9231 (GCVE-0-2024-9231)
Vulnerability from nvd – Published: 2024-10-22 09:32 – Updated: 2024-10-22 13:09
Title
WP-Members Membership Plugin <= 3.4.9.5 - Reflected Cross-Site Scripting
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| cbutlerjr | WP-Members Membership Plugin | Affected: *, ≤ 3.4.9.5 (semver) |
Credits
Dale Mavers
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:09:28.260373Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:09:35.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.4.9.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dale Mavers"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T09:32:09.502Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d59e599-59da-4c03-b71f-d00a078b2442?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.4.9.5/includes/class-wp-members.php#L1960"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/tags/3.4.9.5/includes/class-wp-members-forms.php#L2198"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3172354/wp-members/trunk/includes/class-wp-members-forms.php?contextall=1"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-21T20:55:04.000+00:00",
"value": "Disclosed"
}
],
"title": "WP-Members Membership Plugin \u003c= 3.4.9.5 - Reflected Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9231",
"datePublished": "2024-10-22T09:32:09.502Z",
"dateReserved": "2024-09-26T18:13:41.501Z",
"dateUpdated": "2024-10-22T13:09:35.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2920 (GCVE-0-2024-2920)
Vulnerability from nvd – Published: 2024-04-26 07:28 – Updated: 2024-08-01 19:25
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it possible for unauthenticated attackers to view files uploaded by other users which may contain sensitive information.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| cbutlerjr | WP-Members Membership Plugin | Affected: *, ≤ 3.4.9.3 (semver) |
Credits
Tim Coen
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-26T13:13:55.475701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:29:59.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:42.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4319fa2e-8826-4100-9156-cbe80582367e?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3074215%40wp-members\u0026new=3074215%40wp-members\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.4.9.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tim Coen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it possible for unauthenticated attackers to view files uploaded by other users which may contain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-200 Information Exposure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T07:28:19.271Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4319fa2e-8826-4100-9156-cbe80582367e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3074215%40wp-members\u0026new=3074215%40wp-members\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-25T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2920",
"datePublished": "2024-04-26T07:28:19.271Z",
"dateReserved": "2024-03-26T14:57:13.649Z",
"dateUpdated": "2024-08-01T19:25:42.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1852 (GCVE-0-2024-1852)
Vulnerability from nvd – Published: 2024-04-09 18:58 – Updated: 2024-08-01 18:56
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page which is the edit users page. This vulnerability was partially patched in version 3.4.9.2, and was fully patched in 3.4.9.3.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| cbutlerjr | WP-Members Membership Plugin | Affected: *, ≤ 3.4.9.2 (semver) |
Credits
Craig Smith
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:30:48.967137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:01:31.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/033069d2-8e0f-4c67-b18c-fdd471d85f87?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/vendor/rocketgeek-utilities/includes/utilities.php#L168"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/class-wp-members-user.php#L524"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/class-wp-members-user-profile.php#L566"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.4.9.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Craig Smith"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page which is the edit users page. This vulnerability was partially patched in version 3.4.9.2, and was fully patched in 3.4.9.3."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T18:58:29.359Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/033069d2-8e0f-4c67-b18c-fdd471d85f87?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/vendor/rocketgeek-utilities/includes/utilities.php#L168"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/class-wp-members-user.php#L524"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/class-wp-members-user-profile.php#L566"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-01T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-1852",
"datePublished": "2024-04-09T18:58:29.359Z",
"dateReserved": "2024-02-23T17:25:40.290Z",
"dateUpdated": "2024-08-01T18:56:22.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1987 (GCVE-0-2024-1987)
Vulnerability from nvd – Published: 2024-03-08 05:31 – Updated: 2024-08-01 18:56
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cbutlerjr | WP-Members Membership Plugin |
Affected:
* , ≤ 3.4.9.1
(semver)
|
Credits
Sh
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1987",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T13:16:40.786233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:00:12.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/631e1061-50b1-4df2-b876-37b4cd3e2478?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3047285%40wp-members%2Ftrunk\u0026old=3025452%40wp-members%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.4.9.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-08T05:31:47.330Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/631e1061-50b1-4df2-b876-37b4cd3e2478?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3047285%40wp-members%2Ftrunk\u0026old=3025452%40wp-members%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file5"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-07T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-1987",
"datePublished": "2024-03-08T05:31:47.330Z",
"dateReserved": "2024-02-28T19:16:22.624Z",
"dateUpdated": "2024-08-01T18:56:22.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6733 (GCVE-0-2023-6733)
Vulnerability from nvd – Published: 2024-01-04 03:30 – Updated: 2025-06-17 20:29
Summary
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more.
Severity ?
6.5 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cbutlerjr | WP-Members Membership Plugin |
Affected:
* , ≤ 3.4.8
(semver)
|
Credits
Francesco Carlucci
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/46c61f38-553e-43b2-a666-b160db40e66d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3015224%40wp-members%2Ftrunk\u0026old=2920897%40wp-members%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6733",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-04T14:48:46.190136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:29:11.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.4.8",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284 Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-04T03:30:12.554Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/46c61f38-553e-43b2-a666-b160db40e66d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3015224%40wp-members%2Ftrunk\u0026old=2920897%40wp-members%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-03T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6733",
"datePublished": "2024-01-04T03:30:12.554Z",
"dateReserved": "2023-12-12T15:18:41.225Z",
"dateUpdated": "2025-06-17T20:29:11.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2869 (GCVE-0-2023-2869)
Vulnerability from nvd – Published: 2023-07-12 04:38 – Updated: 2024-10-23 14:48
Summary
The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings updates due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms.
Severity ?
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cbutlerjr | WP-Members Membership Plugin |
Affected:
* , ≤ 3.4.7.3
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf05a79a-0375-4c9d-bbf0-a87484327b87?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php?rev=2895180#L799"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2920897/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2869",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:44:42.769756Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:48:54.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP-Members Membership Plugin",
"vendor": "cbutlerjr",
"versions": [
{
"lessThanOrEqual": "3.4.7.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T04:38:48.717Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf05a79a-0375-4c9d-bbf0-a87484327b87?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php?rev=2895180#L799"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2920897/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-24T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-06-08T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-2869",
"datePublished": "2023-07-12T04:38:48.717Z",
"dateReserved": "2023-05-24T16:34:43.226Z",
"dateUpdated": "2024-10-23T14:48:54.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}