Filtered by vendor Wp-members Project
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6733 | 1 Wp-members Project | 1 Wp-members | 2024-01-10 | N/A | 6.5 MEDIUM |
| The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more. | |||||
| CVE-2023-2869 | 1 Wp-members Project | 1 Wp-members | 2023-11-07 | N/A | 4.3 MEDIUM |
| The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms. | |||||
| CVE-2019-15660 | 1 Wp-members Project | 1 Wp-members | 2019-08-28 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-members plugin before 3.2.8 for WordPress has CSRF. | |||||
| CVE-2017-2222 | 1 Wp-members Project | 1 Wp-members | 2017-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||