cleantalk

Vulnerabilities and Security Researches

Security report for CVE Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions > CVE-2024-0624

CVE, Research URL

CVE-2024-0624

Home page URL

Security reports for Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions

Application

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions

Published on
Jan 25, 2024
Research Description
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_update_level_order() function. This makes it possible for unauthenticated attackers to update the order of levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 2.12.9.
Status
vulnerable
Previous vulnerability researches
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions (CVE-2015-5532) , Jun 06, 2024
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions (CVE-2021-25114) , Jun 06, 2024
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions (CVE-2020-5579) , Jun 06, 2024
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions (CVE-2021-24979) , Jun 06, 2024
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions (CVE-2021-20678) , Jun 06, 2024
New vulnerability
Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time (CVE-2024-13841) , Feb 09, 2025
LikeBot – Decentralized like-system (CVE-2025-0522) , Feb 09, 2025
BookPress – For Book Authors (CVE-2025-25167) , Feb 09, 2025
Music Sheet Viewer (CVE-2025-25155) , Feb 09, 2025
Listings for Appfolio (CVE-2025-22658) , Feb 07, 2025