Vulnerabilities and security researches forbuddypress-members-only buddypress-members-only

Jun 07, 2024

CVE, Research URL: CVE-2024-0972
Home page URL: Security reports for BuddyPress Members Only
Application: BuddyPress Members Only
Date: Jun 06, 2024
Research Description: The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to Guest" feature (when unset) and view restricted page and post content.
Affected versions: max 4.4.9.
Status: vulnerable

Apr 03, 2025

CVE, Research URL: CVE-2025-31812
Home page URL: Security reports for BuddyPress Members Only
Application: BuddyPress Members Only
Date: Apr 01, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas BuddyPress Members Only allows Stored XSS. This issue affects BuddyPress Members Only: from n/a through 3.5.3.
Affected versions: max 3.5.3.
Status: vulnerable