CVE-2025-49333 — Cross-site Scripting in Simple Membership

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.5MEDIUM

No vector

EPSS

0.2%

top 60.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wp.insider Simple Membership

Timeline

PublishedJun 6

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership simple-membership allows Stored XSS.This issue affects Simple Membership: from n/a through <= 4.6.3.

Affected Packages1 packages

▶CVEListV5wp.insider/simple_membership4.6.3

🔴Vulnerability Details

CVEList

WordPress Simple Membership plugin <= 4.6.3 - Cross Site Scripting (XSS) Vulnerability↗2025-06-06

▶

GHSA

GHSA-p9ph-6ww4-r598: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp↗2025-06-06

▶

📋Vendor Advisories

Microsoft

net/mlx5: E-Switch, pair only capable devices↗2025-02-11

▶