WP-Members
Chad Butler
Developer
3.5.4.3
Latest version
50,000
Installations
Sep 4, 2025
Last updated
Vulnerability history
0 present
13 fixed
3 Mitigation rules
- Cross Site Scripting (XSS) Vulnerability<= 3.5.4.2Sep 22, 2025
- Authenticated (Subscriber+) Arbitrary Shortcode Execution via Profile Names vulnerability<= 3.5.4.2Sep 8, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 3.5.4.1Jul 21, 2025
- Cross Site Scripting (XSS) Vulnerability<= 3.5.4Jun 19, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode vulnerability<= 3.5.2May 16, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_loginout Shortcode vulnerability<= 3.4.9.5Oct 25, 2024
- Reflected Cross-Site Scripting vulnerability<= 3.4.9.5Oct 21, 2024
- Unprotected Storage of Potentially Sensitive Files vulnerability<= 3.4.9.3Apr 26, 2024
- Unauthenticated Stored Cross-Site Scripting vulnerability<= 3.4.9.2Apr 1, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.4.9.1Mar 8, 2024
- Cross-Site Request Forgery (CSRF) vulnerability<= 3.2.7Jun 16, 2019
- Stored XSS<= 2.8.9Aug 1, 2014
- Reflected XSS<= 2.8.9Aug 1, 2014