Vulnerabilities and security researches forsubscriptions-memberships-for-paypal subscriptions-memberships-for-paypal

Jun 16, 2026

CVE, Research URL: 93092747cf40140ada459f840e7a4eb5b10bc273
Home page URL: Security reports for Subscriptions & Memberships for PayPal
Application: Subscriptions & Memberships for PayPal
Date: May 25, 2022
Research Description: Subscriptions & Memberships for PayPal [subscriptions-memberships-for-paypal] < 1.1.6 Subscriptions & Memberships for PayPal <= 1.1.5 - Reflected Cross-Site Scripting The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Several additional security fixes were made up to version 1.1.6.
Affected versions: max 1.1.6.
Status: vulnerable

CVE, Research URL: 34ea00d1-3f45-4550-9d22-5a966e9c01b9
Home page URL: Security reports for Subscriptions & Memberships for PayPal
Application: Subscriptions & Memberships for PayPal
Date: -
Research Description: Subscriptions & Memberships for PayPal [subscriptions-memberships-for-paypal] < 1.1.3 Multiple Plugins from WPPlugin - Reflected Cross-Site Scripting via page Parameter The plugins do not escape a page parameter before outputting it back in an attribute in various admin pages, leading to Reflected Cross-Site Scripting issues. The issues were reported to the vendor on August 10th, 2021
Affected versions: max 1.1.3.
Status: vulnerable

Dec 11, 2025

CVE, Research URL: CVE-2025-66107
Home page URL: Security reports for Subscriptions & Memberships for PayPal
Application: Subscriptions & Memberships for PayPal
Date: Nov 21, 2025
Research Description: Missing Authorization vulnerability in Scott Paterson Subscriptions & Memberships for PayPal subscriptions-memberships-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscriptions & Memberships for PayPal: from n/a through <= 1.1.7.
Affected versions: max 1.1.8.
Status: vulnerable

CVE, Research URL: CVE-2025-12752
Home page URL: Security reports for Subscriptions & Memberships for PayPal
Application: Subscriptions & Memberships for PayPal
Date: Nov 22, 2025
Research Description: The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to fake payment creation in all versions up to, and including, 1.1.7. This is due to the plugin not properly verifying the authenticity of an IPN request. This makes it possible for unauthenticated attackers to create fake payment entries that have not actually occurred.
Affected versions: max 1.1.8.
Status: vulnerable

Feb 27, 2025

CVE, Research URL: CVE-2024-13560
Home page URL: Security reports for Subscriptions & Memberships for PayPal
Application: Subscriptions & Memberships for PayPal
Date: Feb 26, 2025
Research Description: The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.1.7.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: 0e8c5f64cd19a4c34cdb988232fabeb3e5e31fb4
Home page URL: Security reports for Subscriptions & Memberships for PayPal
Application: Subscriptions & Memberships for PayPal
Date: Oct 11, 2021
Research Description: Subscriptions & Memberships for PayPal [subscriptions-memberships-for-paypal] < 1.1.3 WordPress Subscriptions & Memberships for PayPal plugin <= 1.1.2 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Subscriptions & Memberships for PayPal plugin (versions <= 1.1.2).
Affected versions: max 1.1.3.
Status: vulnerable