Vulnerabilities and security researches for paid-memberships-pro

Direction: ascending

Jun 06, 2024

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2015-5532

CVE, Research URL: CVE-2015-5532
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Oct 23, 2017
Research Description: Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php.
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2021-25114

CVE, Research URL: CVE-2021-25114
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Feb 07, 2022
Research Description: The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2020-5579

CVE, Research URL: CVE-2020-5579
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: May 20, 2020
Research Description: SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2021-24979

CVE, Research URL: CVE-2021-24979
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Dec 27, 2021
Research Description: The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2021-20678

CVE, Research URL: CVE-2021-20678
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Mar 18, 2021
Research Description: SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2023-23488

CVE, Research URL: CVE-2023-23488
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Jan 20, 2023
Research Description: The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2014-8801

CVE, Research URL: CVE-2014-8801
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Nov 28, 2014
Research Description: Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2022-4830

CVE, Research URL: CVE-2022-4830
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Feb 13, 2023
Research Description: The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2023-6855

CVE, Research URL: CVE-2023-6855
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Jan 11, 2024
Research Description: The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_get_permissions_check function in all versions up to 2.12.5 (inclusive). This makes it possible for unauthenticated attackers to change membership levels including prices.
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2023-0631

CVE, Research URL: CVE-2023-0631
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Mar 20, 2023
Research Description: The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2021-4342

CVE, Research URL: -
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Jun 07, 2023
Research Description: Rejected reason: CVE split into individual CVE IDs for each software record.
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2020-36754

CVE, Research URL: CVE-2020-36754
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Oct 20, 2023
Research Description: The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2023-6187

CVE, Research URL: CVE-2023-6187
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Nov 18, 2023
Research Description: The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber privileges or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout according to its settings.
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-0624

CVE, Research URL: CVE-2024-0624
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Jan 25, 2024
Research Description: The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_update_level_order() function. This makes it possible for unauthenticated attackers to update the order of levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-1279

CVE, Research URL: CVE-2024-1279
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Mar 11, 2024
Research Description: The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-0588

CVE, Research URL: CVE-2024-0588
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Apr 10, 2024
Research Description: The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-3215

CVE, Research URL: CVE-2024-3215
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: May 02, 2024
Research Description: The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the pmpro_update_level_group_order() function. This makes it possible for unauthenticated attackers to update order levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-32794

CVE, Research URL: CVE-2024-32794
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Apr 24, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10.
Affected versions: Min -, max -.
Status: vulnerable

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-32793

CVE, Research URL: CVE-2024-32793
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Apr 24, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10.
Affected versions: Min -, max -.
Status: vulnerable

Jun 20, 2024

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-1407

CVE, Research URL: CVE-2024-1407
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Jun 19, 2024
Research Description: The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to subscribe to, modify, or cancel membership for a user via a forged request granted they can trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Jul 02, 2024

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-37277

CVE, Research URL: CVE-2024-37277
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Nov 01, 2024
Research Description: Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Paid Memberships Pro: from n/a through 3.0.4.
Affected versions: Min -, max -.
Status: vulnerable

Jul 08, 2024

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-37486

CVE, Research URL: CVE-2024-37486
Home page URL: Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Application: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Date: Jul 09, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 3.0.5.
Affected versions: Min -, max -.
Status: vulnerable

Vulnerabilities and security researches for paid-memberships-pro

Jun 06, 2024

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2015-5532

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2021-25114

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2020-5579

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2021-24979

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2021-20678

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2023-23488

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2014-8801

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2022-4830

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2023-6855

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2023-0631

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2021-4342

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2020-36754

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2023-6187

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2024-0624

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2024-1279

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2024-0588

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2024-3215

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2024-32794

Plugin Security Certification

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2024-32793

Plugin Security Certification

Jun 20, 2024

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2024-1407

Plugin Security Certification

Jul 02, 2024

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2024-37277

Plugin Security Certification

Jul 08, 2024

Paid Memberships Pro &#8211; Content Restriction, User Registration, &amp; Paid Subscriptions # CVE-2024-37486

Plugin Security Certification

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2015-5532

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2021-25114

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2020-5579

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2021-24979

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2021-20678

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2023-23488

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2014-8801

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2022-4830

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2023-6855

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2023-0631

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2021-4342

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2020-36754

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2023-6187

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-0624

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-1279

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-0588

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-3215

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-32794

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-32793

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-1407

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-37277

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions # CVE-2024-37486