CVE-2025-49333
WordPress Simple Membership <= 4.6.3 - Cross Site Scripting (XSS) VulnerabilityImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership allows Stored XSS. This issue affects Simple Membership: from n/a through 4.6.3.
We have discovered 9,237 live websites that are affected by CVE-2025-49333.
Affected Software
| Product |  Simple Membership |
| Category | Wordpress Plugins |
| Vulnerable Domains | 9,237 live websites (93% of Simple Membership install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 58 versions ( 98% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jun 6, 2025
- Updated - Jun 6, 2025
Credits
- bintable (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-49333 United States | 3,086 websites |
 Germany | 1,894 websites |
 Japan | 1,058 websites |
 GB | 424 websites |
 France | 370 websites |
 Switzerland | 230 websites |
 Spain | 223 websites |
 Cyprus | 158 websites |
 Denmark | 145 websites |
 Netherlands | 143 websites |
Website Distribution by TLD
Number of websites using CVE-2025-49333| .com | 3,244 websites |
| .de | 1,370 websites |
| .org | 1,077 websites |
| .net | 282 websites |
| .jp | 265 websites |
| .co.uk | 251 websites |
| .ch | 204 websites |
| .nl | 152 websites |
| .ca | 151 websites |
| .es | 130 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-49333
Top websites that are affected by CVE-2025-49333. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| **********.com | **,*** | ||
| ********************.***.uk | United States | **,*** | |
| *******************.com | United States | **,*** | |
| *******.org | United States | **,*** | |
| ********.com | United States | **,*** | |
| ********************.net | United States | ***,*** | |
| ********************.org | United States | ***,*** | |
| ***.***********.com |  Hungary | ***,*** |
FAQ
CVE-2025-49333 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Simple Membership
A total of 9,237 websites have been identified as vulnerable to CVE-2025-49333, based on global website indexing conducted by WebTechSurvey.
The Simple Membership is affected by the CVE-2025-49333 vulnerability.
Simple Membership versions up to and including 4.6.3 are vulnerable to CVE-2025-49333.