Vulnerabilities > Simple Membership Plugin > Simple Membership > 4.2.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-24 | CVE-2024-49682 | Open Redirect vulnerability in Simple-Membership-Plugin Simple Membership URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership allows Phishing.This issue affects Simple Membership: from n/a through 4.5.3. | 6.1 |
| 2024-05-17 | CVE-2023-41956 | Unspecified vulnerability in Simple-Membership-Plugin Simple Membership Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.3.4. | 8.8 |
| 2024-05-17 | CVE-2023-41957 | Unspecified vulnerability in Simple-Membership-Plugin Simple Membership Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through 4.3.4. | 9.8 |
| 2024-05-14 | CVE-2024-4383 | Cross-site Scripting vulnerability in Simple-Membership-Plugin Simple Membership The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-13 | CVE-2024-1985 | Cross-site Scripting vulnerability in Simple-Membership-Plugin Simple Membership The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-01-24 | CVE-2024-22308 | Open Redirect vulnerability in Simple-Membership-Plugin Simple Membership URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1. | 6.1 |
| 2024-01-11 | CVE-2023-6882 | Cross-site Scripting vulnerability in Simple-Membership-Plugin Simple Membership The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. | 6.1 |
| 2023-12-19 | CVE-2023-50376 | Unspecified vulnerability in Simple-Membership-Plugin Simple Membership Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS.This issue affects Simple Membership: from n/a through 4.3.8. | 6.1 |
| 2023-09-06 | CVE-2023-4719 | Unspecified vulnerability in Simple-Membership-Plugin Simple Membership The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to, and including, 4.3.5 due to insufficient input sanitization and output escaping. | 6.1 |