Simple-membership-plugin Simple Membership — known CVE vulnerabilities
Every CVE whose affected-product data names Simple-membership-plugin Simple Membership, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2022-2317 — CVSS 9.8 (critical): The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient…
CVE-2022-2273 — CVSS 8.8 (high): The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile…
CVE-2023-4719 — CVSS 7.2 (high): The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to…
CVE-2023-50376 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership…
CVE-2022-0681 — CVSS 6.5 (medium): The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow…
CVE-2024-4383 — CVSS 6.4 (medium): The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_li…
CVE-2022-1724 — CVSS 6.1 (medium): The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX…
CVE-2023-6882 — CVSS 6.1 (medium): The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all…
CVE-2024-3730 — CVSS 5.4 (medium): The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_li…
CVE-2022-4469 — CVSS 5.4 (medium): The Simple Membership WordPress plugin before 4.2.2 does not validate and escape some of its shortcode attributes before outputting them…
CVE-2024-11088 — CVSS 5.3 (medium): The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via…
CVE-2022-0328 — CVSS 4.7 (medium): The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to…
CVE-2024-1985 — CVSS 4.7 (medium): The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up…
CVE-2024-49682 — CVSS 4.7 (medium): URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership simple-membership allows Phishing.This…
CVE-2024-22308 — CVSS 3.4 (low): URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple…