Wpinsider-1 Simple Membership vulnerabilities

CVE-2026-1461 [MEDIUM] CWE-230 CVE-2026-1461: The Simple Membership plugin for WordPress is vulnerable to Improper Handling of Missing Values in a The Simple Membership plugin for WordPress is vulnerable to Improper Handling of Missing Values in all versions up to, and including, 4.7.0 via the Stripe webhook handler. This is due to the plugin only validating webhook signatures when the stripe-webhook-signing-secret setting is configured, which is empty by default. This makes it possible for unau

CVE-2024-11088 [HIGH] CWE-200 CVE-2024-11088: The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all ve The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

CVE-2024-4383 [MEDIUM] CWE-79 CVE-2024-4383: The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor

CVE-2024-3730 [MEDIUM] CWE-79 CVE-2024-3730: The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor

CVE-2024-1985 [MEDIUM] CWE-79 CVE-2024-1985: The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Dis The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user a

CVE-2023-6882 [MEDIUM] CWE-79 CVE-2023-6882: The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can suc

CVE-2023-4719 [MEDIUM] CWE-79 CVE-2023-4719: The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ` The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to, and including, 4.3.5 due to insufficient input sanitization and output escaping. Using this vulnerability, unauthenticated attackers could inject arbitrary web scripts into pages that are being executed if they can