Lucene search
K

287 matches found

Nuclei
Nuclei
added 5 days ago72 views

WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection

WordPress Paid Memberships Pro plugin before 2.6.7 is susceptible to blind SQL injection. The plugin does not escape the discountcode in one of its REST routes before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

9.8CVSS7.3AI score0.81828EPSS
Exploits2References5
CVE
CVE
added 2026/07/02 6:0 a.m.18 views

CVE-2026-11965

The CVE-2026-11965 entry affects the WordPress plugin User Registration & Membership prior to version 5.2.0. The underlying issue is that the plugin does not enforce payment completion before activating a paid membership subscription, enabling unauthenticated users (after self-registering via the...

6.5CVSS5.8AI score0.00164EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-57659

Unauthenticated Cross Site Request Forgery CSRF in Paid Memberships Pro - Add Member From Admin = 0.7.2 versions...

8.8CVSS0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.6 views

EUVD-2026-39664

Unauthenticated Cross Site Request Forgery CSRF in Paid Memberships Pro - Add Member From Admin = 0.7.2 versions...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.16 views

CVE-2026-57659

CVE-2026-57659 describes an unauthenticated CSRF vulnerability in the WordPress plugin Paid Memberships Pro – Add Member From Admin (versions

8.8CVSS5.8AI score0.0013EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.35 views

CVE-2026-57659 WordPress Paid Memberships Pro - Add Member From Admin plugin <= 0.7.2 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Paid Memberships Pro - Add Member From Admin = 0.7.2 versions...

8.8CVSS0.0013EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:24 p.m.9 views

WordPress Paid Memberships Pro - Add Member From Admin plugin <= 0.7.2 - Cross Site Request Forgery (CSRF) vulnerability

WordPress Paid Memberships Pro - Add Member From Admin plugin = 0.7.2 - Cross Site Request Forgery CSRF vulnerability discovered by Roll in WordPress Plugin Paid Memberships Pro - Add Member From Admin versions = 0.7.2...

8.8CVSS5.8AI score0.0013EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/26 7:54 a.m.35 views

CVE-2026-1869 User Registration & Membership <= 5.2.0 - Missing Authorization to Unauthenticated Payment Bypass

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirmpayment function in all...

6.5CVSS0.0018EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 7:54 a.m.31 views

CVE-2026-1869

CVE-2026-1869 concerns the WordPress plugin “User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder.” The vulnerability is caused by missing validation checks in the confirm_payment() function across all...

6.5CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52829

Name of the Vulnerable Software and Affected Versions Paid Memberships Pro - Add Member From Admin versions prior to 0.7.3 Description An unauthenticated Cross Site Request Forgery CSRF exists, which allows attackers to execute unauthorized actions via crafted requests. CSRF is a type of attack...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.253 views

WordPress Paid Memberships Pro <2.9.8 - Blind SQL Injection

WordPress Paid Memberships Pro plugin before 2.9.8 contains a blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of th...

9.8CVSS8.8AI score0.9246EPSS
Exploits6References5
Patchstack
Patchstack
added 2026/05/05 4:22 p.m.14 views

WordPress Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing Disruption vulnerability

Missing Authorization to Authenticated Subscriber+ Stripe Webhook Deletion and Payment Processing Disruption vulnerability discovered by Jared Reyes in WordPress Plugin Paid Memberships Pro versions = 3.6.5...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.8 views

CVE-2026-4100

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wpajaxpmprostripecreatewebhook, wpajaxpmprostripedeletewebhook, and...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References1
NVD
NVD
added 2026/05/02 12:16 p.m.11 views

CVE-2026-4100

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wpajaxpmprostripecreatewebhook, wpajaxpmprostripedeletewebhook, and...

7.1CVSS0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/02 11:16 a.m.38 views

CVE-2026-4100 Paid Memberships Pro <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing Disruption

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wpajaxpmprostripecreatewebhook, wpajaxpmprostripedeletewebhook, and...

7.1CVSS0.00247EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/02 11:16 a.m.4 views

CVE-2026-4100 Paid Memberships Pro <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing Disruption

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wpajaxpmprostripecreatewebhook, wpajaxpmprostripedeletewebhook, and...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/02 11:16 a.m.17 views

EUVD-2026-26782

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wpajaxpmprostripecreatewebhook, wpajaxpmprostripedeletewebhook, and...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References2
CVE
CVE
added 2026/05/02 11:16 a.m.26 views

CVE-2026-4100

The CVE concerns the Paid Memberships Pro plugin for WordPress, affecting all versions up to 3.6.5. The root cause is missing capability checks on three AJAX handlers: wp_ajax_pmpro_stripe_create_webhook, wp_ajax_pmpro_stripe_delete_webhook, and wp_ajax_pmpro_stripe_rebuild_webhook. This allows a...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/02 11:16 a.m.5 views

CVE-2026-4100

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wpajaxpmprostripecreatewebhook, wpajaxpmprostripedeletewebhook, and...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.14 views

PT-2026-36609

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wp ajax pmpro stripe create webhook, wp ajax pmpro stripe delete...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References3
Rows per page
Query Builder