cleantalk
Vulnerabilities and Security Researches

Memberful WP, CVE-2024-9242

CVE, Research URL

CVE-2024-9242

Home page URL

Security reports for Memberful WP

Application

Memberful WP

Published on
Oct 04, 2024
Research Description
The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all versions up to, and including, 1.73.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.73.8.
Status
vulnerable
Previous vulnerability researches
Memberful WP (CVE-2024-9242) , Oct 05, 2024
Memberful WP (CVE-2024-11294) , Dec 18, 2024
Memberful WP (CVE-2025-58000) , Apr 25, 2026
New vulnerability
PlayerJS (CVE-2025-58651) , Apr 25, 2026
PilotPress (CVE-2025-58238) , Apr 25, 2026
Real Estate Manager – Property Listing and Agent Management (CVE-2025-58253) , Apr 25, 2026
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution (CVE-2025-58702) , Apr 25, 2026
Webdesignby Recaptcha (CVE-2026-4512) , Apr 25, 2026