CVE-2023-6855

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_get_permissions_check function ...

CVE-2024-1279

The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.

CVE-2024-3215

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the pmpro_update_level_group_order() function...

CVE-2024-0624

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_update_level_order() function. Thi...

CVE-2024-0588

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This...

CVE-2024-32794

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10.

CVE-2024-32793

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10.

CVE-2024-37486

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 3.0.5.

CVE-2024-1407

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible ...

CVE-2023-39990

Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 1.2.3.

CVE-2024-1286

The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site.

CVE-2024-37277

Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Paid Memberships Pro: from n/a through 3.0.4.

CVE-2024-1287

The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes.