Published: 18/11/2023 Updated: 24/11/2023

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber privileges or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout according to its settings.

Vulnerable Product	Search on Vulmon	Subscribe to Product
strangerstudios paid memberships pro

Check Point Reference: CPAI-2023-1554 Date Published: 12 Mar 2024 Severity: High ...

CWE-434 https://www.wordfence.com/threat-intel/vulnerabilities/id/5979f2eb-2ca8-4b06-814c-c4236bb81af0?source=cve https://plugins.trac.wordpress.org/browser/paid-memberships-pro/tags/2.12.3/includes/fields.php#L564 https://www.paidmembershipspro.com/pmpro-update-2-12-4/https://plugins.trac.wordpress.org/changeset/2997319/paid-memberships-pro/tags/2.12.4/includes/functions.php https://plugins.trac.wordpress.org/changeset/2997319/paid-memberships-pro/tags/2.12.4/includes/fields.php https://nvd.nist.gov https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2023-1554.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-6187

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect