CVE-2026-1994
- EPSS 0.07%
- Veröffentlicht 19.02.2026 06:49:43
- Zuletzt bearbeitet 19.02.2026 15:52:39
The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's identity prior to updating their password. This make...
CVE-2025-13732
- EPSS 0.04%
- Veröffentlicht 19.02.2026 04:36:06
- Zuletzt bearbeitet 19.02.2026 15:53:02
The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 's2Eot' shortcode in all versions up to, and includin...
CVE-2024-11376
- EPSS 0.68%
- Veröffentlicht 18.02.2025 08:15:08
- Zuletzt bearbeitet 21.02.2025 15:38:34
The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the...
CVE-2024-8326
- EPSS 0.8%
- Veröffentlicht 17.12.2024 10:15:06
- Zuletzt bearbeitet 17.12.2024 10:15:06
The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 241114 via the 'sc_get_detail...
CVE-2024-0899
- EPSS 0.57%
- Veröffentlicht 09.04.2024 19:15:15
- Zuletzt bearbeitet 21.11.2024 08:47:39
The s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the API. This m...