Vulnerabilities > Simple Membership Plugin > Simple Membership > 4.3.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-24 | CVE-2024-49682 | Open Redirect vulnerability in Simple-Membership-Plugin Simple Membership URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership allows Phishing.This issue affects Simple Membership: from n/a through 4.5.3. | 6.1 |
| 2024-05-14 | CVE-2024-4383 | Cross-site Scripting vulnerability in Simple-Membership-Plugin Simple Membership The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-13 | CVE-2024-1985 | Cross-site Scripting vulnerability in Simple-Membership-Plugin Simple Membership The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-01-24 | CVE-2024-22308 | Open Redirect vulnerability in Simple-Membership-Plugin Simple Membership URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1. | 6.1 |