Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
strangerstudios paid memberships pro vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-0624
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_updat...
Strangerstudios Paid Memberships Pro
NA
CVE-2023-6855
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_ge...
Strangerstudios Paid Memberships Pro
NA
CVE-2023-6187
The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticat...
Strangerstudios Paid Memberships Pro
NA
CVE-2020-36754
The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated malicious users to...
Strangerstudios Paid Memberships Pro
NA
CVE-2023-0631
The Paid Memberships Pro WordPress plugin prior to 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.
Strangerstudios Paid Memberships Pro
NA
CVE-2022-4830
The Paid Memberships Pro WordPress plugin prior to 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be ...
Strangerstudios Paid Memberships Pro
NA
CVE-2023-23488
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
Strangerstudios Paid Memberships Pro
3 Github repositories
7.5
CVSSv2
CVE-2021-25114
The Paid Memberships Pro WordPress plugin prior to 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection
Strangerstudios Paid Memberships Pro
4.3
CVSSv2
CVE-2021-24979
The Paid Memberships Pro WordPress plugin prior to 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
Strangerstudios Paid Memberships Pro
6.5
CVSSv2
CVE-2021-20678
SQL injection vulnerability in the Paid Memberships Pro versions before 2.5.6 allows remote authenticated malicious users to execute arbitrary SQL commands via unspecified vectors.
Strangerstudios Paid Memberships Pro
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »