CVE-2026-2363 | WP-Members Membership Plugin up to 3.5.5.1 on WordPress Shortcode order_by sql injection

Inserito da Angelo Barbosa | Mar 3, 2026 | CVE

A vulnerability identified as critical has been detected in WP-Members Membership Plugin up to 3.5.5.1 on WordPress. This affects an unknown function of the component Shortcode Handler. Performing a manipulation of the argument order_by results in sql injection.

This vulnerability is cataloged as CVE-2026-2363. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2026-2363 | WP-Members Membership Plugin up to 3.5.5.1 on WordPress Shortcode order_by sql injection

Post correlati

CVE-2024-47142 | AIPHONE IXG-2C7/IXG-2C7-L up to 2.03 insufficiently protected credentials

CVE-2024-34515 | spatie image-optimizer up to 1.7.2 Phar Deserialization file_exists deserialization (Issue 210)

CVE-2023-48742 | License Manager for WooCommerce Plugin up to 2.2.10 on WordPress sql injection

CVE-2022-4967 | strongSwan 5.9.2/5.9.3/5.9.4/5.9.5 IKE/EAP authorization