PT-2025-36571 · WordPress · Wp-Members Membership Plugin
Kishan Vyas
·
Published
2025-09-09
·
Updated
2025-11-29
·
CVE-2025-9489
CVSS v3.1
5.0
Medium
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions:
The WP-Members Membership Plugin versions prior to 3.5.4.3
Description:
The WP-Members Membership Plugin is susceptible to arbitrary shortcode execution. This occurs because the software does not properly validate a value before running
do shortcode. Authenticated attackers with Subscriber-level access or higher can exploit this to execute arbitrary shortcodes.Recommendations:
Update The WP-Members Membership Plugin to a version prior to 3.5.4.3.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp-Members Membership Plugin