Paid Memberships Pro Security Vulnerabilities and Issues — Paid Memberships Pro CVE List

Lucene search

StrangerstudiosPaid Memberships Pro

6 matches found

CVE•added 2023/03/20 4:15 p.m.•62 views

CVE-2023-0631

The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.

8.8CVSS8.9AI score0.8003EPSS

CVE•added 2021/03/18 1:15 a.m.•61 views

CVE-2021-20678

SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

8.8CVSS8.7AI score0.02557EPSS

CVE•added 2023/11/18 2:15 a.m.•56 views

CVE-2023-6187

The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber ...

8.8CVSS8.8AI score0.19702EPSS

CVE•added 2024/04/24 3:15 p.m.•48 views

CVE-2024-32794

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10.

8.8CVSS6.9AI score0.0006EPSS

CVE•added 2024/04/24 3:15 p.m.•46 views

CVE-2024-32793

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10.

8.8CVSS6.9AI score0.00104EPSS

CVE•added 2024/06/19 1:15 p.m.•44 views

CVE-2023-39990

Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 1.2.3.

8.8CVSS5.5AI score0.00215EPSS