s2Member

Cristián Lávaque

Developer

260325

Latest version

9,000

Installations

No date

Last updated

WordPress Plugin

No VDP

Claim ownership

Report vulnerability

Vulnerabilities

Security Contributors

Vulnerability history

0 present

12 patched

8 Mitigation rules

Unauthenticated Privilege Escalation via Account Takeover vulnerability
<= 260127
19/02/2026
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
<= 251005
18/02/2026
WordPress s2Member - Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin <= 241216 - Reflected Cross-Site Scripting vulnerability
<= 241216
31/12/2025
Remote Code Execution (RCE) vulnerability
<= 250905
01/10/2025
PHP Object Injection Vulnerability
<= 250701
21/08/2025
Local File Inclusion vulnerability
<= 250419
04/04/2025
Reflected Cross Site Scripting (XSS) vulnerability
<= 241216
22/02/2025
Unauthenticated PHP Object Injection vulnerability
<= 241216
14/02/2025
Authenticated (Contributor+) Sensitive Information Exposure vulnerability
<= 241114
16/12/2024
Remote Code Execution (RCE) vulnerability
<= 241114
02/12/2024
Privilege Escalation vulnerability
<= 240315
05/04/2024
Information Exposure vulnerability
<= 230815
19/03/2024