PT-2026-2982 · WordPress · Wp-Members Membership Plugin

Angus Girvan

·

Publicado

2026-01-15

·

Atualizado

2026-01-23

·

CVE-2025-14448

CVSS v3.1

5.4

Média

VetorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions WP-Members Membership Plugin versions up to and including 3.5.4.3
Description The WP-Members Membership Plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Multiple Checkbox and Multiple Select user profile fields. Insufficient input sanitization and output escaping allow authenticated attackers with Subscriber-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page.
Recommendations Update WP-Members Membership Plugin to a version later than 3.5.4.3.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2025-14448

Produtos afetados

Wp-Members Membership Plugin