CVE-2025-4610 – WordPress WP-Members Membership Plugin Stored Cross-Site Scripting Vulnerability

May 17, 2025

CVE ID : CVE-2025-4610

Published : May 17, 2025, 10:15 a.m. | 2 hours, 53 minutes ago

Description : The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpmem_user_memberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4824 – TOTOLINK A702R, A3002R, A3002RU HTTP POST Request Handler Buffer Overflow Vulnerability

Next Article LLMs Struggle with Real Conversations: Microsoft and Salesforce Researchers Reveal a 39% Performance Drop in Multi-Turn Underspecified Tasks

Hallucinated code, real threat: How slopsquatting targets AI-assisted development

CompTIA State of the Tech Workforce 2025 released, Meta joins Kotlin Foundation, Percona launches Transparent Data Encryption for PostgreSQL – Daily News Digest

Turning User Research Into Real Organizational Change

June 2025: All AI updates from the past month

Intel’s former CEO speaks out — “I wanted to finish what I started”

NVIDIA RTX 5000 GPUs are on sale at Newegg, and discounted gift cards can be used towards your purchase — It’s free money

False alarm! Microsoft rectifies language that implied Windows may have lost millions of users since Windows 11 debut

ROG Ally drops to its lowest price ever, making it less than Switch 2 — Here’s why it could be your dream gaming handheld

1KB JavaScript Demoscene Challenge Just Launched

1KB JavaScript Demoscene Challenge Just Launched

Salesforce Marketing Cloud for Medical Devices

June report 2025

Intel’s former CEO speaks out — “I wanted to finish what I started”

Intel’s former CEO speaks out — “I wanted to finish what I started”

NVIDIA RTX 5000 GPUs are on sale at Newegg, and discounted gift cards can be used towards your purchase — It’s free money

False alarm! Microsoft rectifies language that implied Windows may have lost millions of users since Windows 11 debut

CVE-2025-4610 – WordPress WP-Members Membership Plugin Stored Cross-Site Scripting Vulnerability

Pilz IndustrialPI 4 Alert: Critical Flaws (CVE-2025-41656 CVSS 10.0 RCE, CVE-2025-41648 Auth Bypass) Expose Industrial PCs

Security Flaws in Frappe Framework Expose Self-Hosted ERPNext Users to Takeovers, XSS, and SQL Injection

Google: Zero-Day Exploits Shift from Browsers to Enterprise Security Tools in 2024

CVE-2022-50218 – Linux Kernel IIO Light Driver Null Pointer Dereference Vulnerability

CVE-2025-44890 – Foresight Wireless FW-WGS-804HPT Stack Overflow Vulnerability

How to Deploy Laravel Projects to Live Server: The Ultimate Guide

I finally found smart finder tags that last for two years (and they’re cheaper than AirTags)

Microsoft adds three new AI features to Copilot+ PCs – including the controversial Recall

CVE-2025-20200 – Cisco IOS XE Software CLI Privilege Escalation Vulnerability

Anthropic copies OpenAI’s $200/month homework, but fumbles with restrictive rate limits that frustrate users: “I am canceling.”

CVE-2025-4610 – WordPress WP-Members Membership Plugin Stored Cross-Site Scripting Vulnerability

Related Posts