Vulnerabilities > Wpcom > Wpcom Member > 1.3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-14 | CVE-2025-2221 | SQL Injection vulnerability in Wpcom Member The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘user_phone’ parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2024-09-06 | CVE-2024-7493 | Unspecified vulnerability in Wpcom Member The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. | 9.8 |