Wpswings

Membership For Woocommerce

4 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-54692

  • EPSS 0.05%
  • Published 14.08.2025 10:34:51
  • Last modified 14.08.2025 13:11:53

Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through 2.9.0.

7.5

CVE-2025-49265

  • EPSS 0.05%
  • Published 09.06.2025 15:53:53
  • Last modified 12.06.2025 16:06:47

Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through 2.8.1.

6.5

CVE-2025-39579

  • EPSS 0.03%
  • Published 16.04.2025 12:44:25
  • Last modified 16.04.2025 13:25:37

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Membership For WooCommerce allows DOM-Based XSS. This issue affects Membership For WooCommerce: from n/a through 2.8.0.

9.8

CVE-2022-4395

Exploit
  • EPSS 75.49%
  • Published 30.01.2023 21:15:10
  • Last modified 27.03.2025 20:15:17

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.