Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5
CVE-2025-2221
- EPSS 0.6%
- Veröffentlicht 14.03.2025 07:15:38
- Zuletzt bearbeitet 21.03.2025 14:50:44
The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘user_phone’ parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...
6.1
CVE-2024-47378
- EPSS 0.39%
- Veröffentlicht 05.10.2024 15:15:13
- Zuletzt bearbeitet 01.04.2026 16:18:13
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lomu WPCOM Member wpcom-member allows Reflected XSS.This issue affects WPCOM Member: from n/a through <= 1.5.4.
9.8
CVE-2024-7493
- EPSS 1.13%
- Veröffentlicht 06.09.2024 14:15:12
- Zuletzt bearbeitet 08.04.2026 19:22:18
The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible ...
1