Get started today. Now with 10-16% off!

Get started

Dangerous Bug in WP-Members Membership Plugin – Unauthenticated Stored Cross-Site Scripting Vulnerability <= 3.4.9.2

Apr 1, 2024
WordPress Security News

In the plugin installed on over 60,000 web sites (WP-Members Membership – a membership plugin with content restriction and custom registration) an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability has been reported recently. It is recommended that you update your sites immediately. In order to avoid web site crashes and to assure timely security updates it is best to use our WordPress Maintenance Service.

WP-Members Membership Plugin <= 3.4.9.2 – Unauthenticated Stored Cross-Site Scripting vulnerability

Plugin slug: wp-members
Update to version: 3.4.9.3

The vulnerability allows hackers to inject arbitrary JavaScript via the X-Forwarded-For header, used by the plugin for logging purposes. When viewed by the administrator, the malicious code would be executed in the context of the administrator’s browser session and would allow the creation of malicious administrator users as well as any changes to the affected site’s settings which could lead to a complete site takeover.


Key security problems: WordPress Plugins | XSS (Cross-Site Scripting)

Standard Plan

$6999USD/m NOW $58/m89/m
billed yearly or $99 $89 month-by-monthmonthly and $149 set-up fee

WordPress Maintenance and Security Updates

We will update your WordPress core, plugins and themes constantly plus you will get 20 more security features.

Save $360/yearly (30%)
and avoid $149 set-up fee!
Save additional 1610% NOW!

Pay $699 yearly ($58/month)Pay $238 now, $89 monthly afterwards

Sign Up Now

Available for websites with themes and plugins from WordPress.org repository only.

Check Our Plans

Ready to Join?

Sign up NOW for the standard annual plan
Pay $699 yearly ($58/month)
(upgrade to the PRO PLAN at any time)

Terms and Conditions - Privacy Policy