Vulnerabilities and security researches forwpcom-member wpcom-member
Direction: ascendingSep 07, 2024
WPCOM Member # CVE-2024-7493
- CVE, Research URL
- Home page URL
- Application
- Date
- Sep 06, 2024
- Research Description
- The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers to update their role to that of an administrator during registration.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Oct 03, 2024
WPCOM Member # CVE-2024-47378
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 05, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCOM WPCOM Member allows Reflected XSS.This issue affects WPCOM Member: from n/a through 1.5.4.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Mar 08, 2025
WPCOM Member # CVE-2025-1475
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 07, 2025
- Research Description
- WPCOM Member [wpcom-member] < 1.7.6 CVE-2025-1475
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Mar 15, 2025
WPCOM Member # CVE-2025-2221
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 14, 2025
- Research Description
- WPCOM Member [wpcom-member] < 1.7.7 CVE-2025-2221
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Apr 18, 2025
WPCOM Member # CVE-2025-39570
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 16, 2025
- Research Description
- WPCOM Member [wpcom-member] < 1.7.8 CVE-2025-39570 [en] Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Lomu WPCOM Member allows PHP Local File Inclusion. This issue affects WPCOM Member: from n/a through 1.7.7.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable