Cbutlerjr Wp-members Membership Plugin
13 CVEs affecting Cbutlerjr Wp-members Membership Plugin. Latest disclosed: 2026-03-04. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-1852 | High | 7.2 | 2024-04-09 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and in… |
CVE-2026-2363 | Medium | 6.5 | 2026-03-04 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'order_by' attribute of the [wpmem_user_membership_posts] shortcod… |
CVE-2023-6733 | Medium | 6.5 | 2024-01-04 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem… |
CVE-2025-7495 | Medium | 6.4 | 2025-07-22 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmem_login_link' shortcode in all version… |
CVE-2025-4610 | Medium | 6.4 | 2025-05-17 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_user_memberships shortcode in all ver… |
CVE-2024-10374 | Medium | 6.4 | 2024-10-25 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up… |
CVE-2024-1987 | Medium | 6.4 | 2024-03-08 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and inc… |
CVE-2024-9231 | Medium | 6.1 | 2024-10-22 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escap… |
CVE-2025-14448 | Medium | 5.4 | 2026-01-15 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile f… |
CVE-2025-12648 | Medium | 5.3 | 2026-01-07 | The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user… |
CVE-2024-2920 | Medium | 5.3 | 2024-04-26 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin upl… |
CVE-2025-9489 | Medium | 5.0 | 2025-09-09 | The The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is… |
CVE-2023-2869 | Medium | 4.3 | 2023-07-12 | The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder f… |