CVE-2024-51815 - Vulnerability Details

Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member allows Code Injection.This issue affects s2Member: from n/a through <= 241114.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Wp Sharks	S2member Pro

No data.

References

Link	Providers
https://patchstack.com/database/Wordpress/Plugin/s2member/vulnerability/wordpress-s2member-excellent-for-all-kinds-of-memberships-content-restriction-paywalls-member-access-subscriptions-plugin-241114-remote-code-execution-rce-vulnerability?_s_id=cve

History

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description	Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro allows Code Injection.This issue affects s2Member Pro: from n/a through 241114.	Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member allows Code Injection.This issue affects s2Member: from n/a through <= 241114.
Title	WordPress s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin <= 241114 - Remote Code Execution (RCE) vulnerability	WordPress s2Member plugin <= 241114 - Remote Code Execution (RCE) vulnerability
References	https://patchstack.com/database/wordpress/plugin/s2member/vulnerability/wordpress-s2member-excellent-for-all-kinds-of-memberships-content-restriction-paywalls-member-access-subscriptions-plugin-241114-remote-code-execution-rce-vulnerability?_s_id=cve	https://patchstack.com/database/Wordpress/Plugin/s2member/vulnerability/wordpress-s2member-excellent-for-all-kinds-of-memberships-content-restriction-paywalls-member-access-subscriptions-plugin-241114-remote-code-execution-rce-vulnerability?_s_id=cve
Metrics	cvssV3_1 `{'score': 9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}`

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00206}`	epss `{'score': 0.00231}`

Fri, 06 Dec 2024 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wp Sharks Wp Sharks s2member Pro
CPEs		cpe:2.3:a:wp_sharks:s2member_pro::::::::
Vendors & Products		Wp Sharks Wp Sharks s2member Pro
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 06 Dec 2024 13:30:00 +0000

Type	Values Removed	Values Added
Description		Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro allows Code Injection.This issue affects s2Member Pro: from n/a through 241114.
Title		WordPress s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin <= 241114 - Remote Code Execution (RCE) vulnerability
Weaknesses		CWE-94
References		https://patchstack.com/database/wordpress/plugin/s2member/vulnerability/wordpress-s2member-excellent-for-all-kinds-of-memberships-content-restriction-paywalls-member-access-subscriptions-plugin-241114-remote-code-execution-rce-vulnerability?_s_id=cve
Metrics		cvssV3_1 `{'score': 9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-12-06T13:07:16.899Z

Updated: 2026-04-01T15:38:00.745Z

Reserved: 2024-11-04T09:57:58.194Z

Link: CVE-2024-51815

Vulnrichment

Updated: 2024-12-06T17:06:28.432Z

NVD

Status : Awaiting Analysis

Published: 2024-12-06T14:15:21.093

Modified: 2026-04-01T16:19:49.117

Link: CVE-2024-51815

Redhat

No data.

Metrics

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object