Simple-membership-plugin

Simple Membership

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-11088

  • EPSS 0.41%
  • Veröffentlicht 21.11.2024 14:15:08
  • Zuletzt bearbeitet 05.04.2025 00:35:39

The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive da...

6.1

CVE-2024-49682

  • EPSS 0.2%
  • Veröffentlicht 24.10.2024 12:15:03
  • Zuletzt bearbeitet 31.03.2025 18:13:05

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership allows Phishing.This issue affects Simple Membership: from n/a through 4.5.3.

9.8

CVE-2023-41957

  • EPSS 0.14%
  • Veröffentlicht 17.05.2024 07:16:00
  • Zuletzt bearbeitet 25.03.2025 17:27:41

Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through 4.3.4.

8.8

CVE-2023-41956

  • EPSS 0.46%
  • Veröffentlicht 17.05.2024 07:16:00
  • Zuletzt bearbeitet 25.03.2025 17:28:47

Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.3.4.

5.4

CVE-2024-4383

  • EPSS 0.25%
  • Veröffentlicht 14.05.2024 15:43:28
  • Zuletzt bearbeitet 05.02.2025 16:46:17

The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output es...

5.4

CVE-2024-3730

  • EPSS 0.2%
  • Veröffentlicht 25.04.2024 11:15:46
  • Zuletzt bearbeitet 05.02.2025 16:44:24

The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output es...

6.1

CVE-2024-1985

  • EPSS 3.29%
  • Veröffentlicht 13.03.2024 16:15:28
  • Zuletzt bearbeitet 05.02.2025 16:43:56

The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.1

CVE-2024-22308

  • EPSS 0.1%
  • Veröffentlicht 24.01.2024 12:15:58
  • Zuletzt bearbeitet 21.11.2024 08:56:02

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1.

6.1

CVE-2023-6882

  • EPSS 1.65%
  • Veröffentlicht 11.01.2024 09:15:53
  • Zuletzt bearbeitet 03.06.2025 14:15:41

The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it poss...

6.1

CVE-2023-50376

  • EPSS 0.13%
  • Veröffentlicht 19.12.2023 09:15:36
  • Zuletzt bearbeitet 21.11.2024 08:36:55

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS.This issue affects Simple Membership: from n/a through 4.3.8.