cleantalk
Vulnerabilities and Security Researches

WP-Members Membership Plugin, CVE-2025-7495

CVE, Research URL

CVE-2025-7495

Home page URL

Security reports for WP-Members Membership Plugin

Application

WP-Members Membership Plugin

Published on
Jul 22, 2025
Research Description
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmem_login_link' shortcode in all versions up to, and including, 3.5.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.5.4.2.
Status
vulnerable
Previous vulnerability researches
LightBox Block (CVE-2025-54051) , Jul 19, 2025
New vulnerability
CRM and Lead Management by vcita (CVE-2025-5240) , Jul 23, 2025
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor (CVE-2025-4685) , Jul 23, 2025
Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Galle (CVE-2025-7644) , Jul 23, 2025
bSecure – Your Universal Checkout (CVE-2025-6187) , Jul 23, 2025
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin (CVE-2025-6831) , Jul 23, 2025