Skip to main content
Radar
DashboardThreatsMapFeedsAPI
reconnecting

CVE-2025-7495: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in cbutlerjr WP-Members Membership Plugin

Medium
VulnerabilityCVE-2025-7495cvecve-2025-7495cwe-79
Published: Tue Jul 22 2025 (07/22/2025, 04:25:07 UTC)
Source: CVE Database V5
Vendor/Project: cbutlerjr
Product: WP-Members Membership Plugin

Description

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmem_login_link' shortcode in all versions up to, and including, 3.5.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-07-11T14:49:02.447Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 687f140aa83201eaac18166b

Added to database: 7/22/2025, 4:31:06 AM

Last updated: 7/22/2025, 4:31:06 AM

Views: 1

Related Threats

CVE-2025-7644: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in bdthemes Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery

Medium
VulnerabilityTue Jul 22 2025

CVE-2025-6585: CWE-20 Improper Input Validation in WP JobHunt

High
VulnerabilityTue Jul 22 2025

CVE-2025-7953: Open Redirect in Sanluan PublicCMS

Medium
VulnerabilityTue Jul 22 2025

CVE-2025-7952: Command Injection in TOTOLINK T6

Medium
VulnerabilityTue Jul 22 2025

CVE-2025-54362

Low
VulnerabilityTue Jul 22 2025

Actions

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats