Vulnerabilities > Wpcom

DATE	CVE	VULNERABILITY TITLE	RISK
2025-03-14	CVE-2025-2221	SQL Injection vulnerability in Wpcom Member The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘user_phone’ parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity wpcom CWE-89	7.5
2024-10-05	CVE-2024-47378	Cross-site Scripting vulnerability in Wpcom Member Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCOM WPCOM Member allows Reflected XSS.This issue affects WPCOM Member: from n/a through 1.5.4. network low complexity wpcom CWE-79	6.1
2024-09-06	CVE-2024-7493	Unspecified vulnerability in Wpcom Member The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. network low complexity wpcom critical	9.8

Vulnerabilities > Wpcom {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Wpcom"}]}