N/A
2026-02-18< 4.7.1
Simple Membership <= 4.7.0 - Unauthenticated Improper Handling of Missing Values
Simple Membership
Minimum safe version
4.7.2
Update to 4.7.2 or later to address 29 fixable vulnerabilities
Latest available4.7.3 ✓
N/A
2026-03-31< 4.7.2
Simple Membership <= 4.7.1 - Missing Authorization
Medium 4.3
2026-02-19< 4.7.0
CVE-2026-25308
Medium 5.9
2025-06-06< 4.6.4
CVE-2025-49333
Medium 5.3
2025-04-05< 4.5.6
CVE-2024-11088
Medium 4.7
2024-10-24< 4.5.4
CVE-2024-49682
Medium 5.4
2024-05-09< 4.4.6
CVE-2024-4383
Medium 5.4
2024-04-25< 4.4.4
CVE-2024-3730
Medium 6.1
2024-03-13< 4.4.3
CVE-2024-1985
Low 3.4
2024-01-24< 4.4.2
CVE-2024-22308
High 7.1
2024-12-19< 4.3.9
WordPress Simple Membership Plugin <= 4.3.8 is vulnerable to Cross Site Scripting (XSS)
Medium 6.1
2024-01-11< 4.3.9
CVE-2023-6882
High 8.6
2024-05-17< 4.3.5
CVE-2023-41957
High 8.8
2024-05-17< 4.3.5
CVE-2023-41956
Medium 6.1
2023-09-06< 4.3.6
CVE-2023-4719
N/A
< 3.2.9
Simple Membership <= 3.2.8 - Cross-Site Scripting (XSS)
N/A
2016-07-14< 3.2.9
Simple Membership < 3.2.9 - Reflected Cross-Site Scripting
Medium 5.4
2023-01-16< 4.2.2
CVE-2022-4469
N/A
2021-04-05< 4.0.4
Simple Membership <= 4.0.3 - Authenticated (Admin+) SQL Injections
Critical 9.8
2022-08-01< 4.1.3
CVE-2022-2317
High 8.8
2022-08-01< 4.1.3
CVE-2022-2273
Medium 6.1
2022-06-13< 4.1.1
CVE-2022-1724
N/A
2016-07-14< 3.2.9
WordPress Simple Membership Plugin <= 3.2.8 - Cross Site Scripting (XSS)
N/A
2021-04-05< 4.0.4
WordPress Simple Membership plugin <= 4.0.3 - Authenticated SQL Injection (SQLi) vulnerability
Medium 6.5
2022-03-21< 4.1.0
CVE-2022-0681
High 8.8
2019-07-29< 3.8.5
WordPress Simple Membership plugin <= 3.8.4 - Cross-Site Request Forgery (CSRF) vulnerability
Medium 6.1
2019-08-12< 3.5.7
CVE-2017-18499
High 8.8
2019-08-14< 3.3.3
CVE-2016-10884
Medium 4.7
2022-02-28< 4.0.9
CVE-2022-0328