WP-Members
Chad Butler
Developer
3.5.6
Latest version
50,000
Installations
No date
Last updated
Vulnerability history
0 present
17 patched
3 Mitigation rules
- Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute vulnerability<= 3.5.5.1Mar 3, 2026
- Missing Authorization to Sensitive Information Exposure vulnerability<= 3.4.8Feb 16, 2026
- Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields vulnerability<= 3.5.4.3Jan 15, 2026
- Unauthenticated Information Exposure via Unprotected Files vulnerability<= 3.5.4.4Jan 6, 2026
- Cross Site Scripting (XSS) Vulnerability<= 3.5.4.2Sep 22, 2025
- Authenticated (Subscriber+) Arbitrary Shortcode Execution via Profile Names vulnerability<= 3.5.4.2Sep 8, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 3.5.4.1Jul 21, 2025
- Cross Site Scripting (XSS) Vulnerability<= 3.5.4Jun 19, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode vulnerability<= 3.5.2May 16, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_loginout Shortcode vulnerability<= 3.4.9.5Oct 25, 2024
- Reflected Cross-Site Scripting vulnerability<= 3.4.9.5Oct 21, 2024
- Unprotected Storage of Potentially Sensitive Files vulnerability<= 3.4.9.3Apr 26, 2024
- Unauthenticated Stored Cross-Site Scripting vulnerability<= 3.4.9.2Apr 1, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.4.9.1Mar 8, 2024
- Cross-Site Request Forgery (CSRF) vulnerability<= 3.2.7Jun 16, 2019
- Stored XSS<= 2.8.9Aug 1, 2014
- Reflected XSS<= 2.8.9Aug 1, 2014