Simple-membership-plugin Simple_membership
20 CVEs affecting Simple-membership-plugin Simple_membership. Latest disclosed: 2024-11-21. Critical: 1, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-2317 | Critical | 9.8 | 2022-08-01 | The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user sup… |
| CVE-2023-41956 | High | 8.8 | 2024-05-17 | Improper Authentication vulnerability in smp7, wp.Insider Simple Membership. This issue affects Simple Membership: from n/a through 4.3.4. |
| CVE-2022-2273 | High | 8.8 | 2022-08-01 | The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escal… |
| CVE-2016-10884 | High | 8.8 | 2019-08-14 | The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues. |
| CVE-2019-14328 | High | 8.8 | 2019-07-28 | The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section. |
| CVE-2023-41957 | High | 8.6 | 2024-05-17 | Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation. This issue affects Simple Membership: from n/a th… |
| CVE-2023-4719 | High | 7.2 | 2023-09-06 | The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to, and including, 4.3… |
| CVE-2023-50376 | High | 7.1 | 2023-12-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS. T… |
| CVE-2022-0681 | Medium | 6.5 | 2022-03-21 | The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged… |
| CVE-2024-4383 | Medium | 6.4 | 2024-05-14 | The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in al… |
| CVE-2023-6882 | Medium | 6.1 | 2024-01-11 | The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and incl… |
| CVE-2022-1724 | Medium | 6.1 | 2022-06-13 | The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Re… |
| CVE-2017-18499 | Medium | 6.1 | 2019-08-12 | The simple-membership plugin before 3.5.7 for WordPress has XSS. |
| CVE-2024-3730 | Medium | 5.4 | 2024-04-25 | The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in al… |
| CVE-2022-4469 | Medium | 5.4 | 2023-01-16 | The Simple Membership WordPress plugin before 4.2.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, whic… |
| CVE-2024-11088 | Medium | 5.3 | 2024-11-21 | The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core s… |
| CVE-2024-49682 | Medium | 4.7 | 2024-10-24 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership simple-membership allows Phishing. This issue affects Simple M… |
| CVE-2024-1985 | Medium | 4.7 | 2024-03-13 | The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including… |
| CVE-2022-0328 | Medium | 4.7 | 2022-02-28 | The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in adm… |
| CVE-2024-22308 | Low | 3.4 | 2024-01-24 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership. This issue affects Simple Membership: from n/a through… |