Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:D50DBFB9-5759-415A-8638-73C622B44793
HistoryNov 18, 2023 - 12:00 a.m.

Paid Memberships Pro < 2.12.4 - Subscriber+ Arbitrary File Upload

2023-11-1800:00:00
wpscan.com
3
paid memberships pro
security vulnerability
file upload
authentication bypass
payment methods

7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.8%

JSON

Description The plugin does not properly validate file type in its pmpro_paypalexpress_session_vars_for_user_fields() function, which could allow any authenticated users, such as subscriber to upload arbitrary files on the server. Note: Exploitation of the issue requires 2Checkout (deprecated since version 2.6) or PayPal Express to be set set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout according to its settings.

CPENameOperatorVersion
eq2.12.4

Related

nvd 1
cvelist 1
osv 1
cve 1
prion 1
wordfence 2
nvd
nvd
CVE-2023-6187
2023-11-18 02:15:49
cvelist
cvelist
CVE-2023-6187
2023-11-18 01:54:35
osv
osv
CVE-2023-6187
2023-11-18 02:15:49
cve
cve
CVE-2023-6187
2023-11-18 02:15:49
prion
prion
Input validation
2023-11-18 02:15:00
wordfence
wordfence
2023’s Critical WordPress Vulnerabilities and How They Work
2024-02-12 19:11:21
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 13, 2023 to November 19, 2023)
2023-11-23 20:29:59

7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.8%

JSON
Related for WPVDB-ID:D50DBFB9-5759-415A-8638-73C622B44793
nvd1cvelist1osv1cve1prion1wordfence2