Simple-membership-plugin Simple_membership

20 CVEs affecting Simple-membership-plugin Simple_membership. Latest disclosed: 2024-11-21. Critical: 1, High: 7.

Top CVEs affecting Simple-membership-plugin Simple_membership
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-2317 | Critical | 9.8 | 2022-08-01 | The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user sup… |
| CVE-2023-41956 | High | 8.8 | 2024-05-17 | Improper Authentication vulnerability in smp7, wp.Insider Simple Membership. This issue affects Simple Membership: from n/a through 4.3.4. |
| CVE-2022-2273 | High | 8.8 | 2022-08-01 | The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escal… |
| CVE-2016-10884 | High | 8.8 | 2019-08-14 | The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues. |
| CVE-2019-14328 | High | 8.8 | 2019-07-28 | The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section. |
| CVE-2023-41957 | High | 8.6 | 2024-05-17 | Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation. This issue affects Simple Membership: from n/a th… |
| CVE-2023-4719 | High | 7.2 | 2023-09-06 | The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to, and including, 4.3… |
| CVE-2023-50376 | High | 7.1 | 2023-12-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS. T… |
| CVE-2022-0681 | Medium | 6.5 | 2022-03-21 | The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged… |
| CVE-2024-4383 | Medium | 6.4 | 2024-05-14 | The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in al… |
| CVE-2023-6882 | Medium | 6.1 | 2024-01-11 | The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and incl… |
| CVE-2022-1724 | Medium | 6.1 | 2022-06-13 | The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Re… |
| CVE-2017-18499 | Medium | 6.1 | 2019-08-12 | The simple-membership plugin before 3.5.7 for WordPress has XSS. |
| CVE-2024-3730 | Medium | 5.4 | 2024-04-25 | The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in al… |
| CVE-2022-4469 | Medium | 5.4 | 2023-01-16 | The Simple Membership WordPress plugin before 4.2.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, whic… |
| CVE-2024-11088 | Medium | 5.3 | 2024-11-21 | The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core s… |
| CVE-2024-49682 | Medium | 4.7 | 2024-10-24 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership simple-membership allows Phishing. This issue affects Simple M… |
| CVE-2024-1985 | Medium | 4.7 | 2024-03-13 | The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including… |
| CVE-2022-0328 | Medium | 4.7 | 2022-02-28 | The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in adm… |
| CVE-2024-22308 | Low | 3.4 | 2024-01-24 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership. This issue affects Simple Membership: from n/a through… |