CVE-2025-9489 in Membership Plugininfo

Zusammenfassung

von MITRE • 09.09.2025

The The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Veröffentlichung

09.09.2025

Moderieren

akzeptiert

Eintrag

VDB-323115

CPE

bereit

CWE

CWE-94 (bestätigt)

CVSS

5.0 (CNA)

EPSS

0.00108

KEV

nein

Aktivitäten

very low

Sektor

Hostingprovider

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-9489
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-9489
CVE Details	https://www.cvedetails.com/cve/CVE-2025-9489/

◂ Zurück Übersicht Weiter ▸

Interested in the pricing of exploits?

See the underground prices here!