cleantalk
Vulnerabilities and Security Researches

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions, 6126f80d6fcc17f2080b49119a502e1ea9dfbd45

Published on
Jan 06, 2021
Research Description
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions [paid-memberships-pro] < 2.5.3 (closed)

Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.2 - IDOR to Sensitive Information Disclosure

The Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions plugin for WordPress is vulnerable to sensitive information disclosure due to incorrect user validation and capability checking in the pmpro_get_order_json() function, which made it possible for attackers to download order data for other users in versions up to and including 2.5.2.
Affected versions
max 2.5.3.
Status
vulnerable