Vulnerabilities (CVE)

Filtered by vendor Simple-membership-plugin
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2317 1 Simple-membership-plugin 1 Simple Membership 2022-08-05 N/A 9.8 CRITICAL
The Simple Membership WordPress plugin before 4.1.3 allows a user to change their membership at the registration stage due to insufficient checking of a user-supplied parameter.
CVE-2022-2273 1 Simple-membership-plugin 1 Simple Membership 2022-08-05 N/A 8.8 HIGH
The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request.
CVE-2022-1724 1 Simple-membership-plugin 1 Simple Membership 2022-06-17 4.3 MEDIUM 6.1 MEDIUM
The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting.
CVE-2022-0681 1 Simple-membership-plugin 1 Simple Membership 2022-03-28 4.3 MEDIUM 6.5 MEDIUM
The Simple Membership WordPress plugin before 4.1.0 does not have a CSRF check in place when deleting Transactions, which could allow attackers to make a logged-in admin delete arbitrary transactions via a CSRF attack.
CVE-2022-0328 1 Simple-membership-plugin 1 Simple Membership 2022-03-08 4.3 MEDIUM 4.7 MEDIUM
The Simple Membership WordPress plugin before 4.0.9 does not have a CSRF check when deleting members in bulk, which could allow attackers to make a logged-in admin delete them via a CSRF attack.
CVE-2017-18499 1 Simple-membership-plugin 1 Simple Membership 2019-09-07 4.3 MEDIUM 6.1 MEDIUM
The simple-membership plugin before 3.5.7 for WordPress has XSS.
CVE-2016-10884 1 Simple-membership-plugin 1 Simple Membership 2019-09-06 6.8 MEDIUM 8.8 HIGH
The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.
CVE-2019-14328 1 Simple-membership-plugin 1 Simple Membership 2019-08-05 6.8 MEDIUM 8.8 HIGH
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.