Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
strangerstudios paid memberships pro vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-0624
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_updat...
Strangerstudios Paid Memberships Pro
NA
CVE-2023-6187
The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticat...
Strangerstudios Paid Memberships Pro
6.5
CVSSv2
CVE-2020-5579
SQL injection vulnerability in the Paid Memberships versions before 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
Strangerstudios Paid Memberships Pro
NA
CVE-2023-0631
The Paid Memberships Pro WordPress plugin prior to 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.
Strangerstudios Paid Memberships Pro
NA
CVE-2023-6855
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_ge...
Strangerstudios Paid Memberships Pro
6.5
CVSSv2
CVE-2021-20678
SQL injection vulnerability in the Paid Memberships Pro versions before 2.5.6 allows remote authenticated malicious users to execute arbitrary SQL commands via unspecified vectors.
Strangerstudios Paid Memberships Pro
4.3
CVSSv2
CVE-2021-24979
The Paid Memberships Pro WordPress plugin prior to 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
Strangerstudios Paid Memberships Pro
NA
CVE-2022-4830
The Paid Memberships Pro WordPress plugin prior to 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be ...
Strangerstudios Paid Memberships Pro
5
CVSSv2
CVE-2014-8801
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin prior to 1.7.15 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.
Strangerstudios Paid Memberships Pro
1 EDB exploit
NA
CVE-2023-23488
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
Strangerstudios Paid Memberships Pro
3 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »