Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for s2Member by Cristián Lávaque
CVE-2025-58998 (GCVE-0-2025-58998)
Vulnerability from nvd – Published: 2025-11-06 15:54 – Updated: 2026-04-28 12:10
VLAI?
Title
WordPress s2Member Plugin <= 250701 - PHP Object Injection Vulnerability
Summary
Deserialization of Untrusted Data vulnerability in Cristián Lávaque s2Member s2member allows Object Injection.This issue affects s2Member: from n/a through <= 250701.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cristián Lávaque | s2Member |
Affected:
0 , ≤ 250701
(custom)
|
Date Public ?
2026-04-28 13:21
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-58998",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T15:48:08.355813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T16:11:15.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "s2member",
"product": "s2Member",
"vendor": "Cristi\u00e1n L\u00e1vaque",
"versions": [
{
"changes": [
{
"at": "250905",
"status": "unaffected"
}
],
"lessThanOrEqual": "250701",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ChuongVN | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-28T13:21:34.129Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of Untrusted Data vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member allows Object Injection.\u003cp\u003eThis issue affects s2Member: from n/a through \u003c= 250701.\u003c/p\u003e"
}
],
"value": "Deserialization of Untrusted Data vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member allows Object Injection.This issue affects s2Member: from n/a through \u003c= 250701."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T12:10:20.635Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/s2member/vulnerability/wordpress-s2member-plugin-250701-php-object-injection-vulnerability?_s_id=cve"
}
],
"title": "WordPress s2Member Plugin \u003c= 250701 - PHP Object Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-58998",
"datePublished": "2025-11-06T15:54:37.699Z",
"dateReserved": "2025-09-06T04:45:29.150Z",
"dateUpdated": "2026-04-28T12:10:20.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62023 (GCVE-0-2025-62023)
Vulnerability from nvd – Published: 2025-10-22 14:32 – Updated: 2026-04-23 14:13
VLAI?
Title
WordPress s2Member plugin <= 250905 - Remote Code Execution (RCE) vulnerability
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member.This issue affects s2Member: from n/a through <= 250905.
Severity ?
9 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cristián Lávaque | s2Member |
Affected:
0 , ≤ 250905
(custom)
|
Date Public ?
2026-04-22 14:25
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-62023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T15:14:05.841861Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T15:16:35.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "s2member",
"product": "s2Member",
"vendor": "Cristi\u00e1n L\u00e1vaque",
"versions": [
{
"changes": [
{
"at": "251005",
"status": "unaffected"
}
],
"lessThanOrEqual": "250905",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "mcdruid | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:25:20.489Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member.\u003cp\u003eThis issue affects s2Member: from n/a through \u003c= 250905.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member.This issue affects s2Member: from n/a through \u003c= 250905."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T14:13:39.965Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/s2member/vulnerability/wordpress-s2member-plugin-250905-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"title": "WordPress s2Member plugin \u003c= 250905 - Remote Code Execution (RCE) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-62023",
"datePublished": "2025-10-22T14:32:50.026Z",
"dateReserved": "2025-10-07T15:34:13.977Z",
"dateUpdated": "2026-04-23T14:13:39.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32137 (GCVE-0-2025-32137)
Vulnerability from nvd – Published: 2025-04-04 15:58 – Updated: 2026-04-23 14:09
VLAI?
Title
WordPress s2Member plugin <= 250419 - Local File Inclusion vulnerability
Summary
Relative Path Traversal vulnerability in Cristián Lávaque s2Member s2member allows Path Traversal.This issue affects s2Member: from n/a through <= 250419.
Severity ?
4.9 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cristián Lávaque | s2Member |
Affected:
0 , ≤ 250419
(custom)
|
Date Public ?
2026-04-22 14:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T19:54:45.692302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T20:18:17.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "s2member",
"product": "s2Member",
"vendor": "Cristi\u00e1n L\u00e1vaque",
"versions": [
{
"changes": [
{
"at": "250424",
"status": "unaffected"
}
],
"lessThanOrEqual": "250419",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hakiduck | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:30:43.300Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Relative Path Traversal vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member allows Path Traversal.\u003cp\u003eThis issue affects s2Member: from n/a through \u003c= 250419.\u003c/p\u003e"
}
],
"value": "Relative Path Traversal vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member allows Path Traversal.This issue affects s2Member: from n/a through \u003c= 250419."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T14:09:43.555Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/s2member/vulnerability/wordpress-s2member-plugin-250214-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"title": "WordPress s2Member plugin \u003c= 250419 - Local File Inclusion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-32137",
"datePublished": "2025-04-04T15:58:31.692Z",
"dateReserved": "2025-04-04T10:00:42.738Z",
"dateUpdated": "2026-04-23T14:09:43.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26879 (GCVE-0-2025-26879)
Vulnerability from nvd – Published: 2025-03-03 13:30 – Updated: 2026-04-01 15:45
VLAI?
Title
WordPress s2Member Plugin <= 241216 - Reflected Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristián Lávaque s2Member s2member allows Reflected XSS.This issue affects s2Member: from n/a through <= 241216.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cristián Lávaque | s2Member |
Affected:
0 , ≤ 241216
(custom)
|
Date Public ?
2026-04-01 16:35
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T14:33:58.323254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T14:34:23.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "s2member",
"product": "s2Member",
"vendor": "Cristi\u00e1n L\u00e1vaque",
"versions": [
{
"changes": [
{
"at": "250214",
"status": "unaffected"
}
],
"lessThanOrEqual": "241216",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "0xd4rk5id3 | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:35:16.925Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member allows Reflected XSS.\u003cp\u003eThis issue affects s2Member: from n/a through \u003c= 241216.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member allows Reflected XSS.This issue affects s2Member: from n/a through \u003c= 241216."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:45:36.197Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/s2member/vulnerability/wordpress-s2member-plugin-241216-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress s2Member Plugin \u003c= 241216 - Reflected Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-26879",
"datePublished": "2025-03-03T13:30:40.679Z",
"dateReserved": "2025-02-17T11:50:22.449Z",
"dateUpdated": "2026-04-01T15:45:36.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-51815 (GCVE-0-2024-51815)
Vulnerability from nvd – Published: 2024-12-06 13:07 – Updated: 2026-04-23 13:55
VLAI?
Title
WordPress s2Member plugin <= 241114 - Remote Code Execution (RCE) vulnerability
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member allows Code Injection.This issue affects s2Member: from n/a through <= 241114.
Severity ?
9 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cristián Lávaque | s2Member |
Affected:
0 , ≤ 241114
(custom)
|
Date Public ?
2026-04-22 14:35
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wp_sharks:s2member_pro:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s2member_pro",
"vendor": "wp_sharks",
"versions": [
{
"lessThanOrEqual": "241114",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T16:36:35.364661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T17:06:34.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "s2member",
"product": "s2Member",
"vendor": "Cristi\u00e1n L\u00e1vaque",
"versions": [
{
"changes": [
{
"at": "241216",
"status": "unaffected"
}
],
"lessThanOrEqual": "241114",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hakiduck | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:35:18.433Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member allows Code Injection.\u003cp\u003eThis issue affects s2Member: from n/a through \u003c= 241114.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member allows Code Injection.This issue affects s2Member: from n/a through \u003c= 241114."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:55:16.451Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/s2member/vulnerability/wordpress-s2member-excellent-for-all-kinds-of-memberships-content-restriction-paywalls-member-access-subscriptions-plugin-241114-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"title": "WordPress s2Member plugin \u003c= 241114 - Remote Code Execution (RCE) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-51815",
"datePublished": "2024-12-06T13:07:16.899Z",
"dateReserved": "2024-11-04T09:57:58.194Z",
"dateUpdated": "2026-04-23T13:55:16.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58998 (GCVE-0-2025-58998)
Vulnerability from cvelistv5 – Published: 2025-11-06 15:54 – Updated: 2026-04-28 12:10
VLAI?
Title
WordPress s2Member Plugin <= 250701 - PHP Object Injection Vulnerability
Summary
Deserialization of Untrusted Data vulnerability in Cristián Lávaque s2Member s2member allows Object Injection.This issue affects s2Member: from n/a through <= 250701.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cristián Lávaque | s2Member |
Affected:
0 , ≤ 250701
(custom)
|
Date Public ?
2026-04-28 13:21
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-58998",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T15:48:08.355813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T16:11:15.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "s2member",
"product": "s2Member",
"vendor": "Cristi\u00e1n L\u00e1vaque",
"versions": [
{
"changes": [
{
"at": "250905",
"status": "unaffected"
}
],
"lessThanOrEqual": "250701",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ChuongVN | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-28T13:21:34.129Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of Untrusted Data vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member allows Object Injection.\u003cp\u003eThis issue affects s2Member: from n/a through \u003c= 250701.\u003c/p\u003e"
}
],
"value": "Deserialization of Untrusted Data vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member allows Object Injection.This issue affects s2Member: from n/a through \u003c= 250701."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T12:10:20.635Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/s2member/vulnerability/wordpress-s2member-plugin-250701-php-object-injection-vulnerability?_s_id=cve"
}
],
"title": "WordPress s2Member Plugin \u003c= 250701 - PHP Object Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-58998",
"datePublished": "2025-11-06T15:54:37.699Z",
"dateReserved": "2025-09-06T04:45:29.150Z",
"dateUpdated": "2026-04-28T12:10:20.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62023 (GCVE-0-2025-62023)
Vulnerability from cvelistv5 – Published: 2025-10-22 14:32 – Updated: 2026-04-23 14:13
VLAI?
Title
WordPress s2Member plugin <= 250905 - Remote Code Execution (RCE) vulnerability
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member.This issue affects s2Member: from n/a through <= 250905.
Severity ?
9 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cristián Lávaque | s2Member |
Affected:
0 , ≤ 250905
(custom)
|
Date Public ?
2026-04-22 14:25
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-62023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T15:14:05.841861Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T15:16:35.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "s2member",
"product": "s2Member",
"vendor": "Cristi\u00e1n L\u00e1vaque",
"versions": [
{
"changes": [
{
"at": "251005",
"status": "unaffected"
}
],
"lessThanOrEqual": "250905",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "mcdruid | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:25:20.489Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member.\u003cp\u003eThis issue affects s2Member: from n/a through \u003c= 250905.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member.This issue affects s2Member: from n/a through \u003c= 250905."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T14:13:39.965Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/s2member/vulnerability/wordpress-s2member-plugin-250905-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"title": "WordPress s2Member plugin \u003c= 250905 - Remote Code Execution (RCE) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-62023",
"datePublished": "2025-10-22T14:32:50.026Z",
"dateReserved": "2025-10-07T15:34:13.977Z",
"dateUpdated": "2026-04-23T14:13:39.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32137 (GCVE-0-2025-32137)
Vulnerability from cvelistv5 – Published: 2025-04-04 15:58 – Updated: 2026-04-23 14:09
VLAI?
Title
WordPress s2Member plugin <= 250419 - Local File Inclusion vulnerability
Summary
Relative Path Traversal vulnerability in Cristián Lávaque s2Member s2member allows Path Traversal.This issue affects s2Member: from n/a through <= 250419.
Severity ?
4.9 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cristián Lávaque | s2Member |
Affected:
0 , ≤ 250419
(custom)
|
Date Public ?
2026-04-22 14:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T19:54:45.692302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T20:18:17.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "s2member",
"product": "s2Member",
"vendor": "Cristi\u00e1n L\u00e1vaque",
"versions": [
{
"changes": [
{
"at": "250424",
"status": "unaffected"
}
],
"lessThanOrEqual": "250419",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hakiduck | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:30:43.300Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Relative Path Traversal vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member allows Path Traversal.\u003cp\u003eThis issue affects s2Member: from n/a through \u003c= 250419.\u003c/p\u003e"
}
],
"value": "Relative Path Traversal vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member allows Path Traversal.This issue affects s2Member: from n/a through \u003c= 250419."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T14:09:43.555Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/s2member/vulnerability/wordpress-s2member-plugin-250214-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"title": "WordPress s2Member plugin \u003c= 250419 - Local File Inclusion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-32137",
"datePublished": "2025-04-04T15:58:31.692Z",
"dateReserved": "2025-04-04T10:00:42.738Z",
"dateUpdated": "2026-04-23T14:09:43.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26879 (GCVE-0-2025-26879)
Vulnerability from cvelistv5 – Published: 2025-03-03 13:30 – Updated: 2026-04-01 15:45
VLAI?
Title
WordPress s2Member Plugin <= 241216 - Reflected Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristián Lávaque s2Member s2member allows Reflected XSS.This issue affects s2Member: from n/a through <= 241216.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cristián Lávaque | s2Member |
Affected:
0 , ≤ 241216
(custom)
|
Date Public ?
2026-04-01 16:35
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T14:33:58.323254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T14:34:23.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "s2member",
"product": "s2Member",
"vendor": "Cristi\u00e1n L\u00e1vaque",
"versions": [
{
"changes": [
{
"at": "250214",
"status": "unaffected"
}
],
"lessThanOrEqual": "241216",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "0xd4rk5id3 | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:35:16.925Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member allows Reflected XSS.\u003cp\u003eThis issue affects s2Member: from n/a through \u003c= 241216.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member allows Reflected XSS.This issue affects s2Member: from n/a through \u003c= 241216."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:45:36.197Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/s2member/vulnerability/wordpress-s2member-plugin-241216-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress s2Member Plugin \u003c= 241216 - Reflected Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-26879",
"datePublished": "2025-03-03T13:30:40.679Z",
"dateReserved": "2025-02-17T11:50:22.449Z",
"dateUpdated": "2026-04-01T15:45:36.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-51815 (GCVE-0-2024-51815)
Vulnerability from cvelistv5 – Published: 2024-12-06 13:07 – Updated: 2026-04-23 13:55
VLAI?
Title
WordPress s2Member plugin <= 241114 - Remote Code Execution (RCE) vulnerability
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member allows Code Injection.This issue affects s2Member: from n/a through <= 241114.
Severity ?
9 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cristián Lávaque | s2Member |
Affected:
0 , ≤ 241114
(custom)
|
Date Public ?
2026-04-22 14:35
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wp_sharks:s2member_pro:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "s2member_pro",
"vendor": "wp_sharks",
"versions": [
{
"lessThanOrEqual": "241114",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T16:36:35.364661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T17:06:34.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "s2member",
"product": "s2Member",
"vendor": "Cristi\u00e1n L\u00e1vaque",
"versions": [
{
"changes": [
{
"at": "241216",
"status": "unaffected"
}
],
"lessThanOrEqual": "241114",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hakiduck | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:35:18.433Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member allows Code Injection.\u003cp\u003eThis issue affects s2Member: from n/a through \u003c= 241114.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Cristi\u00e1n L\u00e1vaque s2Member s2member allows Code Injection.This issue affects s2Member: from n/a through \u003c= 241114."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:55:16.451Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/s2member/vulnerability/wordpress-s2member-excellent-for-all-kinds-of-memberships-content-restriction-paywalls-member-access-subscriptions-plugin-241114-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"title": "WordPress s2Member plugin \u003c= 241114 - Remote Code Execution (RCE) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-51815",
"datePublished": "2024-12-06T13:07:16.899Z",
"dateReserved": "2024-11-04T09:57:58.194Z",
"dateUpdated": "2026-04-23T13:55:16.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}