3 matches found
CVE-2024-1407 Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possibl...
CVE-2024-1407 Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possibl...
WordPress Paid Memberships Pro Plugin <= 2.12.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software Paid Memberships Pro Type Plugin Vulnerable versions = 2.12.10 Fixed in 3.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1407 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 8bd40b5c1996 Credits Colin Xu Requir...