WP-Members Membership Plugin Shortcode Execution Vulnerability

Vulnerability

A vulnerability exists in the WP-Members Membership Plugin for WordPress, allowing authenticated users with Subscriber-level access and above to execute arbitrary shortcodes. This issue is present in all versions through 3.5.4.2. The vulnerability arises because the plugin does not properly validate values before processing shortcodes, enabling unauthorized shortcode execution.

Impact

Exploitation of this vulnerability could lead to unauthorized actions being performed on behalf of the user, such as executing malicious shortcodes that could alter site content or functionality.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher uses the affected WP-Members shortcodes. Because the values passed to these shortcodes are not properly validated, arbitrary shortcodes can be executed.

Remediation

Users are advised to update the WP-Members Membership Plugin to version 3.5.4.3 or a newer patched version.
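The following is an added example, not code from the advisory or from the plugin: a small audit that reads the "Version:" header field from a plugin file and decides whether the install falls in the affected range (through 3.5.4.2) by comparing dotted versions segment by segment. The inventory contents, site names and function names are assumptions constructed for illustration.

```python
import re

FIXED_VERSION = "3.5.4.3"  # first patched release named in the advisory

# Approximates how WordPress reads the "Version:" field of a plugin header comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.IGNORECASE | re.MULTILINE)

def parse_version(text):
    """'3.5.4.2' -> (3, 5, 4, 2). Rejects suffixes such as '-beta' rather than guessing."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(\.[0-9]+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_affected(installed, fixed=FIXED_VERSION):
    """True when `installed` sorts before the fixed release, segment by segment."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    # Pad with zeros so "3.5.4" compares as 3.5.4.0 and "3.6" as 3.6.0.0.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b

def header_version(php_source):
    """Return the version string from a plugin header, or None if absent."""
    m = HEADER_RE.search(php_source)
    return m.group(1) if m else None

def audit(inventory):
    """Map each site to 'affected', 'patched' or 'unknown'."""
    report = {}
    for site, source in inventory.items():
        version = header_version(source)
        try:
            report[site] = "affected" if is_affected(version or "") else "patched"
        except ValueError:
            report[site] = "unknown"  # missing or unparsable header: check by hand
    return report

# Constructed sample input: plugin header text as it might be collected from four sites.
SAMPLE_INVENTORY = {
    "site-a": "<?php\n/*\nPlugin Name: WP-Members\nVersion: 3.5.4.2\n*/\n",
    "site-b": "<?php\n/*\nPlugin Name: WP-Members\nVersion: 3.5.4.3\n*/\n",
    "site-c": "<?php\n/*\n * Plugin Name: WP-Members\n * Version: 3.5.4\n */\n",
    "site-d": "<?php\n// header removed\n",
}

if __name__ == "__main__":
    for site, status in audit(SAMPLE_INVENTORY).items():
        print(f"{site}: {status}")
```

An "unknown" result means the header could not be read, so that install should be checked manually instead of being assumed patched.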

Added: Sep 9, 2025, 5:18 AM
Updated: Sep 9, 2025, 5:18 AM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 1.3
exploitability: 6.4
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.