WP-Members
Chad Butler
Developer
3.5.6
Latest version
50,000
Installations
No date
Last updated
Vulnerability history
0 present
17 patched
3 Mitigation rules
- Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute vulnerability<= 3.5.5.103/03/2026
- Missing Authorization to Sensitive Information Exposure vulnerability<= 3.4.816/02/2026
- Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields vulnerability<= 3.5.4.315/01/2026
- Unauthenticated Information Exposure via Unprotected Files vulnerability<= 3.5.4.406/01/2026
- Cross Site Scripting (XSS) Vulnerability<= 3.5.4.222/09/2025
- Authenticated (Subscriber+) Arbitrary Shortcode Execution via Profile Names vulnerability<= 3.5.4.208/09/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 3.5.4.121/07/2025
- Cross Site Scripting (XSS) Vulnerability<= 3.5.419/06/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode vulnerability<= 3.5.216/05/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_loginout Shortcode vulnerability<= 3.4.9.525/10/2024
- Reflected Cross-Site Scripting vulnerability<= 3.4.9.521/10/2024
- Unprotected Storage of Potentially Sensitive Files vulnerability<= 3.4.9.326/04/2024
- Unauthenticated Stored Cross-Site Scripting vulnerability<= 3.4.9.201/04/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.4.9.108/03/2024
- Cross-Site Request Forgery (CSRF) vulnerability<= 3.2.716/06/2019
- Stored XSS<= 2.8.901/08/2014
- Reflected XSS<= 2.8.901/08/2014