GCVE - cpe:2.3:a:e-plugins:wp_membership:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:e-plugins:wp_membership:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	E Plugins (`4ef66073-3f84-5bdb-a7d0-b721423839e8`)
Product	Wp Membership (`2fc3ddd5-52fd-54a4-aa13-8809198a6b88`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/wp-plugins/wp-members`	purl2cpe	2026-06-01 10:11:30.473712

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-69292`	vulnerable	2026-06-03 15:11:04.913010	WordPress WP Membership plugin <= 1.6.4 - Privilege Escalation vulnerability HIGH (8.8) Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4. Published: 2026-01-22T16:52:30.940Z Updated: 2026-04-28T20:45:22.845Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/wp-membership/vulnerability/wordpress-wp-membership-plugin-1-6-4-privilege-escalation-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-69193`	vulnerable	2026-06-03 15:11:04.689367	WordPress WP Membership plugin <= 1.6.4 - Broken Access Control vulnerability HIGH (7.3) Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.4. Published: 2026-01-22T16:52:30.754Z Updated: 2026-04-28T20:45:12.104Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/wp-membership/vulnerability/wordpress-wp-membership-plugin-1-6-4-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-54717`	vulnerable	2026-06-03 15:04:56.599686	WordPress WP Membership Plugin <= 1.6.3 - Settings Change Vulnerability MEDIUM (5.4) Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.3. Published: 2025-08-14T18:21:45.839Z Updated: 2026-04-28T16:13:35.848Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/wp-membership/vulnerability/wordpress-wp-membership-plugin-plugin-1-6-3-settings-change-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-10547`	vulnerable	2026-06-03 14:54:12.025721	WP Membership <= 1.6.2 - Unauthenticated Arbitrary File Upload CRITICAL (9.8) The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Published: 2024-11-09T07:35:04.633Z Updated: 2026-04-08T16:57:58.441Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/664e6e2a-faa1-4609-b250-d7e94c5d5a04?source=cve https://codecanyon.net/item/wp-membership/10066554	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.