Simple Membership Plugin Simple Membership Plugin

  1. Vendors
  2. Simple Membership Plugin

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Simple Membership Plugin product.

RSS Feeds for Simple Membership Plugin security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Simple Membership Plugin products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Simple Membership Plugin Sorted by Most Security Vulnerabilities since 2018

Simple Membership Plugin Simple Membership20 vulnerabilities

Simple Membership Plugin Simple Membership Wp User Import1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Simple Membership Plugin. Simple Membership Plugin did not have any published security vulnerabilities last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 9 6.58
2023 4 6.48
2022 5 7.18
2021 0 0.00
2020 0 0.00
2019 3 8.80

It may take a day or so for new Simple Membership Plugin vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Simple Membership Plugin Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2024-11088 Nov 21, 2024
Info Exposure in WordPress Simple Membership 4.5.5 via Search The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
Simple Membership
CVE-2024-49682 Oct 24, 2024
Open Redirect in WP Simple Membership <=4.5.3 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership simple-membership allows Phishing.This issue affects Simple Membership: from n/a through <= 4.5.3.
Simple Membership
CVE-2023-41956 May 17, 2024
Improper Auth in WP.SimpleMembership before 4.3.4 Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.3.4.
Simple Membership
CVE-2023-41957 May 17, 2024
Simple Membership WP Plugin Privilege Escalation (4.3.4) Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through 4.3.4.
Simple Membership
CVE-2024-4383 May 14, 2024
WordPress Simple Memb. Stored XSS via swpm_paypal_subscription_cancel_link (4.4.5) The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Simple Membership
CVE-2024-3730 Apr 25, 2024
WP Simple Membership <=4.4.3 Stored XSS via swpm_paypal_sub_cancel_link The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Simple Membership
CVE-2024-1985 Mar 13, 2024
CVE-2024-1985: WP Simple Membership 4.4.2 Stored XSS via Display Name The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.
Simple Membership
CVE-2024-22308 Jan 24, 2024
Open Redirect in Simple Membership <=4.4.1 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1.
Simple Membership
CVE-2023-6882 Jan 11, 2024
WP Simple Membership XSS via environment_mode (4.3.8) The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the environment_mode parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Simple Membership
CVE-2023-50376 Dec 19, 2023
WordPress Simple Membership 4.3.8 Reflected XSS CVE-2023-50376 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS.This issue affects Simple Membership: from n/a through 4.3.8.
Simple Membership
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.