Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
simple-membership-plugin simple membership vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-22308
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a up to and including 4.4.1.
Simple-membership-plugin Simple Membership
NA
CVE-2023-50376
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS.This issue affects Simple Membership: from n/a up to and including 4.3.8.
Simple-membership-plugin Simple Membership
685
VMScore
CVE-2019-14328
The Simple Membership plugin prior to 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
Simple-membership-plugin Simple Membership
1 EDB exploit
383
VMScore
CVE-2022-0328
The Simple Membership WordPress plugin prior to 4.0.9 does not have CSRF check when deleting members in bulk, which could allow malicious users to make a logged in admin delete them via a CSRF attack
Simple-membership-plugin Simple Membership
383
VMScore
CVE-2022-0681
The Simple Membership WordPress plugin prior to 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow malicious users to make a logged in admin delete arbitrary transactions via a CSRF attack
Simple-membership-plugin Simple Membership
NA
CVE-2023-4719
The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to, and including, 4.3.5 due to insufficient input sanitization and output escaping. Using this vulnerability, unauthenticated attackers could i...
Simple-membership-plugin Simple Membership
383
VMScore
CVE-2017-18499
The simple-membership plugin prior to 3.5.7 for WordPress has XSS.
Simple-membership-plugin Simple Membership
NA
CVE-2022-2273
The Simple Membership WordPress plugin prior to 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request.
Simple-membership-plugin Simple Membership
383
VMScore
CVE-2022-1724
The Simple Membership WordPress plugin prior to 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting
Simple-membership-plugin Simple Membership
NA
CVE-2023-6882
The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthent...
Simple-membership-plugin Simple Membership
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »