4 matches found
WordPress Paid Memberships Pro Plugin <= 2.12.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software Paid Memberships Pro Type Plugin Vulnerable versions = 2.12.10 Fixed in 3.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0588 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b53bf462fd91 Credits kodaichodai...
WordPress Paid Memberships Pro Plugin <= 2.12.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software Paid Memberships Pro Type Plugin Vulnerable versions = 2.12.10 Fixed in 3.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0588 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6f8ac4a2a197 Credits kodaichodai...
CVE-2024-0588
CVE-2024-0588 affects the WordPress plugin Paid Memberships Pro (all versions
CVE-2024-0588 Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmproliftersavestreamlineoption function. This mak...