Filtered by vendor Wp-members Project
Subscriptions
Filtered by product Wp-members
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6733 | 1 Wp-members Project | 1 Wp-members | 2024-01-10 | 6.5 Medium |
| The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more. | ||||
| CVE-2023-2869 | 1 Wp-members Project | 1 Wp-members | 2023-11-07 | 4.3 Medium |
| The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms. | ||||
| CVE-2019-15660 | 1 Wp-members Project | 1 Wp-members | 2019-08-28 | N/A |
| The wp-members plugin before 3.2.8 for WordPress has CSRF. | ||||
| CVE-2017-2222 | 1 Wp-members Project | 1 Wp-members | 2017-07-12 | N/A |
| Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
Page 1 of 1.