Exploitation Summary
EIP tracks 1 public exploit for CVE-2019-14328. PoCs published by rubyman.
AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in the WordPress Simple Membership plugin (version 3.8.4), allowing an attacker to trick an authenticated admin into submitting a malicious form that changes user membership levels.
Description
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
Exploits (1)
exploitdb
WORKING POC
by rubyman · htmlwebappsphp
https://www.exploit-db.com/exploits/47182
This exploit demonstrates a CSRF vulnerability in the WordPress Simple Membership plugin (version 3.8.4), allowing an attacker to trick an authenticated admin into submitting a malicious form that changes user membership levels.
Classification
Working Poc 95%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target:
WordPress Simple Membership plugin 3.8.4
Auth required
Prerequisites:
Victim must be authenticated as an admin · Victim must visit the malicious HTML page
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://wordpress.org/plugins/simple-membership/#developers
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/153801/WordPress-Simple-Membership-3.8.4-Cross-Site-Request-Forgery.html
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/9482
Scores
CVSS v3
8.8
EPSS
0.0041
EPSS Percentile
61.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
simple-membership-plugin/simple_membership
< 3.8.5
Published
Jul 28, 2019
Tracked Since
Feb 18, 2026