Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5
CVE-2025-2221
- EPSS 0.1%
- Published 14.03.2025 07:15:38
- Last modified 21.03.2025 14:50:44
The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘user_phone’ parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...
6.1
CVE-2024-47378
- EPSS 0.13%
- Published 05.10.2024 15:15:13
- Last modified 27.05.2025 19:27:42
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCOM WPCOM Member allows Reflected XSS.This issue affects WPCOM Member: from n/a through 1.5.4.
9.8
CVE-2024-7493
- EPSS 0.68%
- Published 06.09.2024 14:15:12
- Last modified 26.09.2024 17:41:16
The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible ...
1