Wp.Insider Simple Membership vulnerabilities

CVE-2026-25308 [MEDIUM] CWE-862 CVE-2026-25308: Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploit Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through <= 4.6.9.

CVE-2025-49333 CWE-79 CVE-2025-49333: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership simple-membership allows Stored XSS.This issue affects Simple Membership: from n/a through <= 4.6.3.

CVE-2024-49682 [MEDIUM] CWE-601 CVE-2024-49682: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership si URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership simple-membership allows Phishing.This issue affects Simple Membership: from n/a through <= 4.5.3.