Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
strangerstudios paid memberships pro vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-24979
The Paid Memberships Pro WordPress plugin prior to 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
Strangerstudios Paid Memberships Pro
578
VMScore
CVE-2020-5579
SQL injection vulnerability in the Paid Memberships versions before 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
Strangerstudios Paid Memberships Pro
505
VMScore
CVE-2014-8801
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin prior to 1.7.15 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.
Strangerstudios Paid Memberships Pro
1 EDB exploit
NA
CVE-2024-0624
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_updat...
Strangerstudios Paid Memberships Pro
NA
CVE-2020-36754
The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated malicious users to...
Strangerstudios Paid Memberships Pro
383
VMScore
CVE-2015-5532
Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin prior to 1.8.4.3 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.ph...
Strangerstudios Paid Memberships Pro
NA
CVE-2023-23488
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
Strangerstudios Paid Memberships Pro
3 Github repositories
NA
CVE-2022-4830
The Paid Memberships Pro WordPress plugin prior to 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be ...
Strangerstudios Paid Memberships Pro
668
VMScore
CVE-2021-25114
The Paid Memberships Pro WordPress plugin prior to 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection
Strangerstudios Paid Memberships Pro
NA
CVE-2023-6855
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_ge...
Strangerstudios Paid Memberships Pro
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »