Two new security flaws in the popular Simple Membership plugin for WordPress, affecting versions 4.3.4 and below, have been identified, leading to potential privilege escalation issues. With over 50,000 active installations, the plugin developed by smp7 and wp.insider is widely used for custom membership management on WordPress sites.
Source: Infosecurity