Cbutlerjr Wp-members Membership Plugin

13 CVEs affecting Cbutlerjr Wp-members Membership Plugin. Latest disclosed: 2026-03-04. Critical: 0, High: 1.

Top CVEs affecting Cbutlerjr Wp-members Membership Plugin
CVESeverityScorePublishedSummary
CVE-2024-1852High7.22024-04-09The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and in…
CVE-2026-2363Medium6.52026-03-04The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'order_by' attribute of the [wpmem_user_membership_posts] shortcod…
CVE-2023-6733Medium6.52024-01-04The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem…
CVE-2025-7495Medium6.42025-07-22The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmem_login_link' shortcode in all version…
CVE-2025-4610Medium6.42025-05-17The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_user_memberships shortcode in all ver…
CVE-2024-10374Medium6.42024-10-25The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up…
CVE-2024-1987Medium6.42024-03-08The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and inc…
CVE-2024-9231Medium6.12024-10-22The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escap…
CVE-2025-14448Medium5.42026-01-15The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile f…
CVE-2025-12648Medium5.32026-01-07The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user…
CVE-2024-2920Medium5.32024-04-26The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin upl…
CVE-2025-9489Medium5.02025-09-09The The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is…
CVE-2023-2869Medium4.32023-07-12The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder f…