Unauthenticated Cross Site Scripting in Simple Membership Plugin by WordPress
CVE-2026-42663

6.5MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
15 June 2026

What is CVE-2026-42663?

The Simple Membership plugin for WordPress has a vulnerability that allows an unauthenticated attacker to exploit Cross Site Scripting (XSS) issues. This type of vulnerability enables malicious users to inject arbitrary JavaScript code into web pages viewed by other users, potentially compromising session data and leading to unauthorized access. Versions up to and including 4.7.2 are affected, making it essential for users to update their plugins to secure their websites.

Affected Version(s)

Simple Membership <= 4.7.2

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

hhhai | Patchstack Bug Bounty Program
.