Strangerstudios

Paid Memberships Pro

25 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2024-0588

  • EPSS 0.91%
  • Veröffentlicht 09.04.2024 19:15:14
  • Zuletzt bearbeitet 08.04.2026 18:18:52

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmp...

4.3

CVE-2024-1279

Exploit
  • EPSS 0.55%
  • Veröffentlicht 11.03.2024 18:15:17
  • Zuletzt bearbeitet 28.03.2025 19:15:17

The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.

5.3

CVE-2024-0624

  • EPSS 0.95%
  • Veröffentlicht 25.01.2024 02:15:53
  • Zuletzt bearbeitet 08.04.2026 19:19:13

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validatio...

5.3

CVE-2023-6855

  • EPSS 0.51%
  • Veröffentlicht 11.01.2024 09:15:52
  • Zuletzt bearbeitet 08.04.2026 18:18:43

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in t...

8.8

CVE-2023-6187

  • EPSS 51.54%
  • Veröffentlicht 18.11.2023 02:15:49
  • Zuletzt bearbeitet 08.04.2026 18:18:35

The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it ...

4.3

CVE-2020-36754

Exploit
  • EPSS 0.4%
  • Veröffentlicht 20.10.2023 08:15:11
  • Zuletzt bearbeitet 08.04.2026 19:17:37

The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for una...

8.8

CVE-2023-0631

Exploit
  • EPSS 60.45%
  • Veröffentlicht 20.03.2023 16:15:12
  • Zuletzt bearbeitet 26.02.2025 15:15:18

The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.

5.4

CVE-2022-4830

Exploit
  • EPSS 65.01%
  • Veröffentlicht 13.02.2023 15:15:20
  • Zuletzt bearbeitet 21.11.2024 07:36:01

The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scrip...

9.8

CVE-2023-23488

  • EPSS 92.46%
  • Veröffentlicht 20.01.2023 18:15:10
  • Zuletzt bearbeitet 03.04.2025 20:15:22

The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.

9.8

CVE-2021-25114

Exploit
  • EPSS 82.25%
  • Veröffentlicht 07.02.2022 16:15:46
  • Zuletzt bearbeitet 21.11.2024 05:54:22

The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection