Lucene search
K

118 matches found

NVD
NVD
added 2026/07/02 6:16 a.m.7 views

CVE-2026-11965

The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users after self-registering an account through the open registration flow to obtain an active subscription on any paid...

6.5CVSS0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 6:0 a.m.41 views

CVE-2026-11965 User Registration & Membership < 5.2.0 - Unauthenticated Paid Membership Bypass

The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users after self-registering an account through the open registration flow to obtain an active subscription on any paid...

0.00164EPSS
Exploits0References1
NVD
NVD
added 2026/06/27 6:16 a.m.10 views

CVE-2026-10820

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user Subscriber+ to cancel other...

8.1CVSS0.00222EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/27 6:0 a.m.7 views

CVE-2026-10820

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user Subscriber+ to cancel other...

8.1CVSS5.8AI score0.00222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/05 4:58 p.m.4 views

CVE-2026-3309

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.11. This is due to the plugin allowing user-supplied billing fie...

6.5CVSS6.2AI score0.00407EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/04 12:31 p.m.6 views

EUVD-2026-18997

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.11. This is due to the plugin allowing user-supplied billing fie...

6.5CVSS6.2AI score0.00407EPSS
Exploits0References3
NVD
NVD
added 2026/04/04 12:16 p.m.10 views

CVE-2026-3309

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.11. This is due to the plugin allowing user-supplied billing fie...

6.5CVSS0.00407EPSS
Exploits0References2
NVD
NVD
added 2026/04/04 9:16 a.m.7 views

CVE-2026-3445

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on...

7.1CVSS0.00228EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/04 8:25 a.m.30 views

CVE-2026-3445 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment Bypass

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on...

7.1CVSS0.00228EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/04 8:25 a.m.8 views

CVE-2026-3445 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment Bypass

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on...

7.1CVSS5.9AI score0.00228EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.7 views

PT-2026-30346

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.11. This is due to the plugin allowing user-supplied billing fie...

6.5CVSS6.2AI score0.00407EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.9 views

WordPress plugin Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

7.1CVSS5.8AI score0.00228EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/09 6:30 p.m.7 views

EUVD-2025-201936

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.7 due to insufficient input sanitization on the type parameter i...

5.4CVSS6.2AI score0.0042EPSS
Exploits0References5
NVD
NVD
added 2025/12/09 4:17 p.m.7 views

CVE-2025-13642

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.7 due to insufficient input sanitization on the type parameter i...

5.4CVSS0.0042EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/06 4:3 a.m.9 views

CVE-2025-11835

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and validation check on the PMSAJAXCheckoutHandler::processpayment function in all versions up t...

5.3CVSS5.3AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 2025/11/05 3:27 a.m.18 views

CVE-2025-11835

CVE-2025-11835 affects the WordPress plugin “Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction.” The issue arises from a missing capability check and validation in PMS_AJAX_Checkout_Handler::process_payment(), leading to unauthorized data modificatio...

5.3CVSS5AI score0.00213EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/05 3:27 a.m.2 views

CVE-2025-11835 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and validation check on the PMSAJAXCheckoutHandler::processpayment function in all versions up t...

5.3CVSS5AI score0.00213EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/05 3:27 a.m.10 views

CVE-2025-11835 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and validation check on the PMSAJAXCheckoutHandler::processpayment function in all versions up t...

5.3CVSS0.00213EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.4 views

WordPress plugin Paid Membership Subscriptions 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.3CVSS6.3AI score0.00213EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.6 views

PT-2025-45067

Name of the Vulnerable Software and Affected Versions Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction versions prior to 2.16.5 Description The plugin is susceptible to unauthorized data modification because of a missing capability and validation...

5.3CVSS6.4AI score0.00213EPSS
Exploits0References4
Rows per page
Query Builder