Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paid memberships pro vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-8801
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin prior to 1.7.15 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.
Strangerstudios Paid Memberships Pro
1 EDB exploit
7.2
CVSSv3
CVE-2020-5579
SQL injection vulnerability in the Paid Memberships versions before 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
Strangerstudios Paid Memberships Pro
9.8
CVSSv3
CVE-2023-23488
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
Strangerstudios Paid Memberships Pro
3 Github repositories
NA
CVE-2015-55321
WordPress Paid Memberships Pro plugin version 1.8.4.2 suffers from a cross site scripting vulnerability.
NA
CVE-2024-30514
Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Payfast Gateway Add On.This issue affects Paid Memberships Pro – Payfast Gateway Add On: from n/a up to and including 1.4.1.
NA
CVE-2024-30523
Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Mailchimp Add On pmpro-mailchimp.This issue affects Paid Memberships Pro – Mailchimp Add On: from n/a up to and including 2.3.4.
NA
CVE-2024-32793
Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a up to and including 2.12.10.
NA
CVE-2024-32794
Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a up to and including 2.12.10.
NA
CVE-2024-1279
The Paid Memberships Pro WordPress plugin prior to 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.
5.3
CVSSv3
CVE-2024-3215
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the pmpro_update...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »