Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
simple-membership-plugin simple membership vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-4719
The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to, and including, 4.3.5 due to insufficient input sanitization and output escaping. Using this vulnerability, unauthenticated attackers could i...
Simple-membership-plugin Simple Membership
4.3
CVSSv2
CVE-2022-1724
The Simple Membership WordPress plugin prior to 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting
Simple-membership-plugin Simple Membership
NA
CVE-2023-50376
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS.This issue affects Simple Membership: from n/a up to and including 4.3.8.
Simple-membership-plugin Simple Membership
NA
CVE-2022-2273
The Simple Membership WordPress plugin prior to 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request.
Simple-membership-plugin Simple Membership
4.3
CVSSv2
CVE-2017-18499
The simple-membership plugin prior to 3.5.7 for WordPress has XSS.
Simple-membership-plugin Simple Membership
6.8
CVSSv2
CVE-2019-14328
The Simple Membership plugin prior to 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
Simple-membership-plugin Simple Membership
1 EDB exploit
4.3
CVSSv2
CVE-2022-0681
The Simple Membership WordPress plugin prior to 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow malicious users to make a logged in admin delete arbitrary transactions via a CSRF attack
Simple-membership-plugin Simple Membership
6.8
CVSSv2
CVE-2016-10884
The simple-membership plugin prior to 3.3.3 for WordPress has multiple CSRF issues.
Simple-membership-plugin Simple Membership
4.3
CVSSv2
CVE-2022-0328
The Simple Membership WordPress plugin prior to 4.0.9 does not have CSRF check when deleting members in bulk, which could allow malicious users to make a logged in admin delete them via a CSRF attack
Simple-membership-plugin Simple Membership
NA
CVE-2024-22308
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a up to and including 4.4.1.
Simple-membership-plugin Simple Membership
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »