Butlerblog Wp-members
9 CVEs affecting Butlerblog Wp-members. Latest disclosed: 2026-01-15. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-15660 | High | 8.8 | 2019-08-27 | The wp-members plugin before 3.2.8 for WordPress has CSRF. |
CVE-2024-1852 | High | 7.2 | 2024-04-09 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and in… |
CVE-2023-6733 | Medium | 6.5 | 2024-01-04 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem… |
CVE-2024-10374 | Medium | 6.4 | 2024-10-25 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up… |
CVE-2024-1987 | Medium | 6.4 | 2024-03-08 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and inc… |
CVE-2024-9231 | Medium | 6.1 | 2024-10-22 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escap… |
CVE-2017-2222 | Medium | 6.1 | 2017-07-07 | Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
CVE-2025-14448 | Medium | 5.4 | 2026-01-15 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile f… |
CVE-2023-2869 | Medium | 4.3 | 2023-07-12 | The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder f… |