cvebase

E-Plugins Wp Membership vulnerabilities

6 known vulnerabilities affecting e-plugins/wp_membership.

Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 2

Vulnerabilities

CVE-2024-10547 | P2 | CRITICAL | CVSS 9.8 | ≤ 1.6.2 | 2024-11-09
CVE-2024-10547 [CRITICAL] CWE-434: The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution
Source: NVD
CVE-2025-69292 | P3 | HIGH | CVSS 8.8 | ≤ 1.6.4 | 2026-01-22
CVE-2025-69292 [HIGH] CWE-266: Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation. This issue affects WP Membership: from n/a through <= 1.6.4.
Source: NVD
CVE-2015-4039 | P4 | MEDIUM | CVSS 5.4 | PoC | v1.2.3 | 2020-01-06
CVE-2015-4039 [MEDIUM]: Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmation step for vector 2.
Source: NVD
CVE-2020-36666 | P3 | HIGH | CVSS 8.8 | fixed in 1.5.7 | 2023-03-27
CVE-2020-36666 [HIGH] CWE-269: The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugi
Source: NVD
CVE-2025-69193 | P3 | HIGH | CVSS 7.3 | ≤ 1.6.4 | 2026-01-22
CVE-2025-69193 [HIGH] CWE-862: Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a through <= 1.6.4.
Source: NVD
CVE-2025-54717 | P4 | MEDIUM | CVSS 5.4 | ≤ 1.6.3 | 2025-08-14
CVE-2025-54717 [MEDIUM] CWE-862: Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a through <= 1.6.3.
Source: NVD