Vulnerabilities and security researches formemberful-wp memberful-wp

Oct 05, 2024

CVE, Research URL: CVE-2024-9242
Home page URL: Security reports for Memberful WP
Application: Memberful WP
Date: Oct 04, 2024
Research Description: The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all versions up to, and including, 1.73.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.73.8.
Status: vulnerable

Dec 18, 2024

CVE, Research URL: CVE-2024-11294
Home page URL: Security reports for Memberful WP
Application: Memberful WP
Date: Dec 17, 2024
Research Description: The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as site members.
Affected versions: max 1.74.0.
Status: vulnerable

Apr 25, 2026

CVE, Research URL: CVE-2025-58000
Home page URL: Security reports for Memberful WP
Application: Memberful WP
Date: Sep 23, 2025
Research Description: Missing Authorization vulnerability in memberful Memberful - Membership Plugin memberful-wp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberful - Membership Plugin: from n/a through <= 1.75.0.
Affected versions: max 1.76.0.
Status: vulnerable