Browse all 4 CVE security advisories affecting smp7, wp.insider. AI-powered Chinese analysis, POCs, and references for each vulnerability.
smp7, wp.insider is a WordPress security plugin focused on vulnerability detection and protection for WordPress websites. Historically, it has been associated with multiple critical vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. The plugin has accumulated four CVEs, highlighting recurring security issues in its functionality. Notable characteristics include its vulnerability scanning capabilities and database management features, though its security track record has been inconsistent. The plugin's core use case is WordPress site hardening, but its own vulnerabilities have occasionally made it a vector for attacks rather than a protective measure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-41957 | WordPress Simple Membership plugin <= 4.3.4 - Unauthenticated Membership Role Privilege Escalation vulnerability — Simple MembershipCWE-269 | 8.6 | High | 2024-05-17 |
| CVE-2023-41956 | WordPress Simple Membership plugin <= 4.3.4 - Authenticated Account Takeover vulnerability — Simple MembershipCWE-287 | 8.8 | High | 2024-05-17 |
| CVE-2024-22308 | WordPress Simple Membership Plugin <= 4.4.1 is vulnerable to Open Redirection — Simple MembershipCWE-601 | 3.4 | Low | 2024-01-24 |
| CVE-2023-50376 | WordPress Simple Membership Plugin <= 4.3.8 is vulnerable to Unauth. Reflected Cross Site Scripting (XSS) — Simple MembershipCWE-79 | 7.1 | High | 2023-12-19 |
This page lists every published CVE security advisory associated with smp7, wp.insider. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.