2 matches found
CVE-2023-6855 Paid Memberships Pro <= 2.12.5 - Missing Authorization via API
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmprorestapigetpermissionscheck function in...
WordPress Paid Memberships Pro Plugin <= 2.12.5 is vulnerable to Broken Access Control
Software Paid Memberships Pro Type Plugin Vulnerable versions = 2.12.5 Fixed in 2.12.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6855 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID fb6688b14c42 Credits Webbernaut Required...