4 matches found
CVE-2020-36754
The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpropagesave function. This makes it possible for unauthenticated attackers to save pages via a forged...
WordPress Paid Memberships Pro Plugin < 2.4.3 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:paidmembershipspro:paidmembershipspro"; ifdescription...
CVE-2020-36754
The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpropagesave function. This makes it possible for unauthenticated attackers to save pages via a forged...
CVE-2020-36754
CVE-2020-36754 affects the WordPress Paid Memberships Pro plugin. It is a Cross-Site Request Forgery vulnerability caused by missing/incorrect nonce validation in the pmpro_page_save() function, allowing unauthenticated attackers to save pages via forged requests if a site admin is tricked into p...