
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

22 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristián Lávaque s2Member Pro allows Reflected XSS. This issue affects s2Member Pro: from n/a through 241216. The s2Member Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 241216 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if the... • https://patchstack.com/database/wordpress/plugin/s2member/vulnerability/wordpress-s2member-plugin-241216-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

02 Dec 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro allows Code Injection. This issue affects s2Member Pro: from n/a through 241114. The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions (Pro) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 241114. This makes it possible for unauthenticated attackers to execute code on the server. • https://patchstack.com/database/wordpress/plugin/s2member/vulnerability/wordpress-s2member-excellent-for-all-kinds-of-memberships-content-restriction-paywalls-member-access-subscriptions-plugin-241114-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

05 Apr 2024 — Improper Privilege Management vulnerability in WP Sharks s2Member Pro allows Privilege Escalation. This issue affects s2Member Pro: from n/a through 240315. The s2Member plugin for WordPress is vulnerable to limited privilege escalation in versions up to, and including, 240315. This is due to insufficient controls during user regist... • https://patchstack.com/database/vulnerability/s2member/wordpress-s2member-plugin-240315-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •

CVSS: 7.2 | EPSS: 0% | CPEs: 25 | EXPL: 0

12 Feb 2012 — Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field). • http://secunia.com/advisories/47954 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •