Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paid memberships pro vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2020-36754
The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated malicious users to...
Strangerstudios Paid Memberships Pro
NA
CVE-2023-0631
The Paid Memberships Pro WordPress plugin prior to 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.
Strangerstudios Paid Memberships Pro
NA
CVE-2022-4830
The Paid Memberships Pro WordPress plugin prior to 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be ...
Strangerstudios Paid Memberships Pro
NA
CVE-2023-23488
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
Strangerstudios Paid Memberships Pro
3 Github repositories
7.5
CVSSv2
CVE-2021-25114
The Paid Memberships Pro WordPress plugin prior to 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection
Strangerstudios Paid Memberships Pro
4.3
CVSSv2
CVE-2021-24979
The Paid Memberships Pro WordPress plugin prior to 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
Strangerstudios Paid Memberships Pro
6.5
CVSSv2
CVE-2021-20678
SQL injection vulnerability in the Paid Memberships Pro versions before 2.5.6 allows remote authenticated malicious users to execute arbitrary SQL commands via unspecified vectors.
Strangerstudios Paid Memberships Pro
6.5
CVSSv2
CVE-2020-5579
SQL injection vulnerability in the Paid Memberships versions before 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
Strangerstudios Paid Memberships Pro
4.3
CVSSv2
CVE-2015-5532
Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin prior to 1.8.4.3 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.ph...
Strangerstudios Paid Memberships Pro
NA
CVE-2015-55321
WordPress Paid Memberships Pro plugin version 1.8.4.2 suffers from a cross site scripting vulnerability.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »