CVE-2025-13732

Name of the Vulnerable Software and Affected Versions s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress versions through 251005

Description The s2Member plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping within the plugin’s 's2Eot' shortcode. Authenticated attackers with Contributor-level access or higher can inject malicious web scripts into pages. These scripts will then execute when any user accesses the compromised page.

Recommendations Update the s2Member plugin to a version newer than 251005.