Unauthenticated Cross Site Scripting in Simple Membership Plugin by WordPress
CVE-2026-42663
6.5MEDIUM
What is CVE-2026-42663?
The Simple Membership plugin for WordPress has a vulnerability that allows an unauthenticated attacker to exploit Cross Site Scripting (XSS) issues. This type of vulnerability enables malicious users to inject arbitrary JavaScript code into web pages viewed by other users, potentially compromising session data and leading to unauthorized access. Versions up to and including 4.7.2 are affected, making it essential for users to update their plugins to secure their websites.
Affected Version(s)
Simple Membership <= 4.7.2