CVE-2026-25308 — Missing Authorization in Simple Membership

CWE-862 — Missing Authorization3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 90.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wp.insider Simple Membership

Timeline

PublishedFeb 19

Description

Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through <= 4.6.9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5wp.insider/simple_membership4.6.9

🔴Vulnerability Details

CVEList

WordPress Simple Membership plugin <= 4.6.9 - Broken Access Control vulnerability↗2026-02-19

▶

GHSA

GHSA-4234-jpgj-67fv: Missing Authorization vulnerability in wp↗2026-02-19

▶