WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection

WordPress Paid Memberships Pro plugin before 2.6.7 is susceptible to blind SQL injection. The plugin does not escape the discountcode in one of its REST routes before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

WordPress Paid Memberships Pro <2.9.8 - Blind SQL Injection

WordPress Paid Memberships Pro plugin before 2.9.8 contains a blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of th...

WordPress Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing Disruption vulnerability

Missing Authorization to Authenticated Subscriber+ Stripe Webhook Deletion and Payment Processing Disruption vulnerability discovered by Jared Reyes in WordPress Plugin Paid Memberships Pro versions = 3.6.5...

CVE-2026-4100

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wpajaxpmprostripecreatewebhook, wpajaxpmprostripedeletewebhook, and...

CVE-2026-4100

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wpajaxpmprostripecreatewebhook, wpajaxpmprostripedeletewebhook, and...

CVE-2026-4100

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wpajaxpmprostripecreatewebhook, wpajaxpmprostripedeletewebhook, and...

CVE-2026-4100

The CVE concerns the Paid Memberships Pro plugin for WordPress, affecting all versions up to 3.6.5. The root cause is missing capability checks on three AJAX handlers: wp_ajax_pmpro_stripe_create_webhook, wp_ajax_pmpro_stripe_delete_webhook, and wp_ajax_pmpro_stripe_rebuild_webhook. This allows a...

CVE-2026-4100 Paid Memberships Pro <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing Disruption

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wpajaxpmprostripecreatewebhook, wpajaxpmprostripedeletewebhook, and...

EUVD-2026-26782

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wpajaxpmprostripecreatewebhook, wpajaxpmprostripedeletewebhook, and...

CVE-2026-4100 Paid Memberships Pro <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing Disruption

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wpajaxpmprostripecreatewebhook, wpajaxpmprostripedeletewebhook, and...

PT-2026-36609

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wp ajax pmpro stripe create webhook, wp ajax pmpro stripe delete...

WordPress plugin Paid Memberships Pro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress Paid Memberships Pro plugin <= 2.12.7 - Cross-Site Request Forgery to Level Orders Update vulnerability

Cross-Site Request Forgery to Level Orders Update vulnerability discovered by kodaichodai in WordPress Plugin Paid Memberships Pro versions = 2.12.7...

WordPress Paid Memberships Pro plugin < 2.12.9 - Contributor+ Arbitrary User Custom Field Disclosure vulnerability

Contributor+ Arbitrary User Custom Field Disclosure vulnerability discovered by Scott Kingsley Clark in WordPress Plugin Paid Memberships Pro versions 2.12.9...

CVE-2023-40608

Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through 0.3...

EUVD-2015-5486

Malware in sbrugna...

EUVD-2021-11891

Malware in sbrugna...

EUVD-2024-31807

Malicious code in bioql PyPI...

EUVD-2024-17040

Malicious code in bioql PyPI...

EUVD-2024-30580

Malicious code in bioql PyPI...