cleantalk
Vulnerabilities and Security Researches

s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscription, CVE-2026-1994

CVE, Research URL

CVE-2026-1994

Home page URL

Security reports for s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscription

Application

s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscription

Published on
Feb 19, 2026
Research Description
The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
Affected versions
max 260215.
Status
vulnerable
Previous vulnerability researches
Sports Club Management (CVE-2026-4871) , Apr 13, 2026
New vulnerability
Simple calendar for Elementor (CVE-2026-1310) , Apr 15, 2026
JS Help Desk – Best Help Desk & Support Plugin (CVE-2023-7337) , Apr 15, 2026
WP Duplicate – WordPress Migration Plugin (CVE-2026-1499) , Apr 15, 2026
Ravelry Designs Widget (CVE-2026-1903) , Apr 15, 2026
Collect.chat – Chatbot ⚡️ (CVE-2026-0736) , Apr 15, 2026