Browse all 3 CVE security advisories affecting memberful. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Memberful provides membership management and content monetization platforms for digital creators. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and improper access controls. The platform's security posture has been impacted by incidents where insufficient sanitization allowed arbitrary code execution and unauthorized access to user data. While no major public breaches have been widely documented, the three CVEs on record highlight recurring themes in web application security, particularly around user input handling and authentication mechanisms. Organizations implementing Memberful should prioritize regular security updates and input validation to mitigate these risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58000 | WordPress Memberful plugin <= 1.75.0 - Broken Access Control vulnerability — Memberful - Membership PluginCWE-862 | 5.3 | Medium | 2025-09-22 |
| CVE-2024-11294 | Memberful <= 1.73.9 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure — Memberful – Membership PluginCWE-200 | 5.3 | Medium | 2024-12-17 |
| CVE-2024-9242 | Memberful – Membership Plugin <= 1.73.7 - Authenticated (contributor+) Stored Cross-Site Scripting — Memberful – Membership PluginCWE-79 | 6.4 | Medium | 2024-10-04 |
This page lists every published CVE security advisory associated with memberful. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.