Wpcom Wpcom_member
3 CVEs affecting Wpcom Wpcom_member. Latest disclosed: 2025-03-14. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-7493 | Critical | 9.8 | 2024-09-06 | The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing a… |
CVE-2025-2221 | High | 7.5 | 2025-03-14 | The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘user_phone’ parameter in all versions up to, and including, 1.7.6 due… |
CVE-2024-47378 | High | 7.1 | 2024-10-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lomu WPCOM Member wpcom-member allows Reflected XSS.This… |