CVE-2024-0624 Paid Memberships Pro <= 2.12.7 - Cross-Site Request Forgery to Level Orders Update
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmproupdatelevelorder function. This...