Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paid memberships pro vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-24979
The Paid Memberships Pro WordPress plugin prior to 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
Strangerstudios Paid Memberships Pro
668
VMScore
CVE-2021-25114
The Paid Memberships Pro WordPress plugin prior to 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection
Strangerstudios Paid Memberships Pro
578
VMScore
CVE-2021-20678
SQL injection vulnerability in the Paid Memberships Pro versions before 2.5.6 allows remote authenticated malicious users to execute arbitrary SQL commands via unspecified vectors.
Strangerstudios Paid Memberships Pro
NA
CVE-2015-55321
WordPress Paid Memberships Pro plugin version 1.8.4.2 suffers from a cross site scripting vulnerability.
NA
CVE-2024-30514
Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Payfast Gateway Add On.This issue affects Paid Memberships Pro – Payfast Gateway Add On: from n/a up to and including 1.4.1.
NA
CVE-2024-30523
Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Mailchimp Add On pmpro-mailchimp.This issue affects Paid Memberships Pro – Mailchimp Add On: from n/a up to and including 2.3.4.
NA
CVE-2024-32793
Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a up to and including 2.12.10.
NA
CVE-2024-32794
Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a up to and including 2.12.10.
NA
CVE-2024-1279
The Paid Memberships Pro WordPress plugin prior to 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.
NA
CVE-2024-0588
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_strea...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »