Medium 5.5
2025-09-22< 3.5.4.3
WP-Members <= 3.5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
WP-Members Membership Plugin
Minimum safe version
3.5.6
Update to 3.5.6 or later to address 23 fixable vulnerabilities
Latest available3.5.6 ✓
N/A
2025-09-08< 3.5.4.3
WP-Members Membership Plugin <= 3.5.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Profile Names
N/A
2026-03-03< 3.5.6
WP-Members Membership Plugin <= 3.5.5.1 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute
Medium 5.4
2026-01-15< 3.5.4.4
CVE-2025-14448
Medium 5.3
2026-01-07< 3.5.4.5
CVE-2025-12648
Medium 6.4
2025-07-22< 3.5.4.2
WP-Members <= 3.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Medium 6.5
2025-06-20< 3.5.4.1
CVE-2025-50051
Medium 6.4
2025-05-17< 3.5.3
WP-Members <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode
Medium 6.4
2024-10-25< 3.4.9.6
CVE-2024-10374
Medium 6.1
2024-10-22< 3.4.9.6
CVE-2024-9231
Medium 5.3
2024-04-26< 3.4.9.4
CVE-2024-2920
Medium 6.1
2024-04-09< 3.4.9.3
CVE-2024-1852
Medium 5.4
2024-03-08< 3.4.9.2
CVE-2024-1987
Medium 6.5
2024-01-04< 3.4.9
CVE-2023-6733
N/A
< 2.8.10
WP-Members 2.8.9 - wp-login.php register Action Multiple Parameter Reflected XSS
N/A
< 2.8.10
WP-Members 2.8.9 - profile.php Multiple Parameter Stored XSS
Medium 4.3
2023-07-12< 3.4.8
CVE-2023-2869
N/A
2014-01-07< 2.8.10
WP-Members Membership Plugin <= 2.8.9 - Reflected Cross-Site Scripting
N/A
2014-08-01< 2.8.10
WordPress Members Plugin <= 2.8.9 - Reflected XSS
N/A
2014-08-01< 2.8.10
WordPress Members Plugin <= 2.8.9 - Stored XSS
N/A
2019-06-16< 3.2.8.1
WordPress WP-Members plugin <= 3.2.7 - Cross-Site Request Forgery (CSRF) vulnerability
Medium 6.1
2017-07-07< 3.1.8
CVE-2017-2222
High 8.8
2019-08-27< 3.2.8.1
CVE-2019-15660