Vulnerabilities and security researches formembership-for-woocommerce membership-for-woocommerce

Jun 07, 2024

CVE, Research URL: CVE-2022-4395
Home page URL: Security reports for Membership For WooCommerce – Add Simple Membership Plans, Recurring Revenue, Product Tags & Send Emails To Members wi
Application: Membership For WooCommerce – Add Simple Membership Plans, Recurring Revenue, Product Tags & Send Emails To Members wi
Date: Jan 31, 2023
Research Description: The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
Affected versions: Min -, max -.
Status: vulnerable

Apr 18, 2025

CVE, Research URL: CVE-2025-39579
Home page URL: Security reports for Membership For WooCommerce – Add Simple Membership Plans, Recurring Revenue, Product Tags & Send Emails To Members wi
Application: Membership For WooCommerce – Add Simple Membership Plans, Recurring Revenue, Product Tags & Send Emails To Members wi
Date: Apr 16, 2025
Research Description: Membership For WooCommerce [membership-for-woocommerce] < 2.8.1 CVE-2025-39579 [en] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Membership For WooCommerce allows DOM-Based XSS. This issue affects Membership For WooCommerce: from n/a through 2.8.0.
Affected versions: Min -, max -.
Status: vulnerable