Known Vulnerabilities for products from Simple-membership-plugin
Listed below are 18 of the newest known vulnerabilities associated with the vendor "Simple-membership-plugin".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-49682 json | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership simple-membership allows Ph... | Not Provided | 2024-10-24 | 2026-04-23 |
| CVE-2024-22308 json | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Si... | Not Provided | 2024-01-24 | 2026-04-28 |
| CVE-2024-4383 json | The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscri... | Not Provided | 2024-05-14 | 2026-04-08 |
| CVE-2024-3730 json | The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscri... | Not Provided | 2024-04-25 | 2026-04-08 |
| CVE-2024-1985 json | Not Provided | 2024-03-13 | 2026-04-08 | |
| CVE-2023-50376 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple... | Not Provided | 2023-12-19 | 2026-04-28 |
| CVE-2023-6882 json | Not Provided | 2024-01-11 | 2026-04-08 | |
| CVE-2023-4719 json | The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in v... | Not Provided | 2023-09-06 | 2026-04-08 |
| CVE-2023-0254 json | The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in v... | Not Provided | 2023-01-12 | 2026-04-08 |
| CVE-2022-4469 json | The Simple Membership WordPress plugin before 4.2.2 does not validate and escape some of its shortcode attributes before outp... | 5.4 - MEDIUM | 2023-01-16 | 2023-11-07 |
| CVE-2022-2317 json | The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to i... | 9.8 - CRITICAL | 2022-08-01 | 2022-08-05 |
| CVE-2022-2273 json | The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a ... | 8.8 - HIGH | 2022-08-01 | 2022-08-05 |
| CVE-2022-1724 json | The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them b... | 6.1 - MEDIUM | 2022-06-13 | 2022-06-17 |
| CVE-2022-0681 json | The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could... | 6.5 - MEDIUM | 2022-03-21 | 2022-03-28 |
| CVE-2022-0328 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.7 - MEDIUM | 2022-02-28 | 2022-03-08 |
| CVE-2019-14328 json | The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section. | 8.8 - HIGH | 2019-07-28 | 2019-08-05 |
| CVE-2017-18499 json | The simple-membership plugin before 3.5.7 for WordPress has XSS. | 6.1 - MEDIUM | 2019-08-12 | 2023-02-24 |
| CVE-2016-10884 json | The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues. | 8.8 - HIGH | 2019-08-14 | 2023-03-01 |
Known software with vulnerabilities from Simple-membership-plugin
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Simple-membership-plugin | Simple Membership | 1.2 |