Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical0
High1
Medium3
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2026-02-19

CVE-2025-13732 - Member Access Subscriptions Plugin

The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 's2Eot' shortcode in all versions up to, and including, 251005 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Member Access Subscriptions

CVE-2025-13732

MEDIUM CVSS 6.4 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2025-02-21

CVE-2024-11376 - Member Access Subscriptions Plugin

The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 241114. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Member Access Subscriptions

CVE-2024-11376

MEDIUM CVSS 6.1 2025-02-18
Open Full Technical Breakdown
Threat Entry Updated 2024-12-17

CVE-2024-8326 - Member Access Subscriptions Plugin

The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 241114 via the 'sc_get_details' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including user data and database configuration information, which can lead to reading, updating, or dropping database tables. The vulnerability was partially patched in version 241114.

PLUGIN Member Access Subscriptions

CVE-2024-8326

HIGH CVSS 8.8 2024-12-17
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-0899 - Member Access Subscriptions Plugin

The s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the API. This makes it possible for unauthenticated attackers to see the contents of those posts and pages.

PLUGIN Member Access Subscriptions

CVE-2024-0899

MEDIUM CVSS 5.3 2024-04-09
Open Full Technical Breakdown
Scroll to top