CVE-2024-37277

CWE-639 — Insecure Direct Object Reference3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 45.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Strangerstudios Paid Memberships PRO Paid Memberships PRO Paid Memberships PRO

Timeline

PublishedNov 1

Description

Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Paid Memberships Pro: from n/a through 3.0.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDstrangerstudios/paid_memberships_pro< 3.0.5

▶CVEListV5paid_memberships_pro/paid_memberships_pron/a — 3.0.4

🔴Vulnerability Details

GHSA

GHSA-29g9-48v7-9r7c: Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly Constrained by ACLs↗2024-11-01

▶

CVEList

WordPress Paid Memberships Pro plugin <= 3.0.4 - Insecure Direct Object References (IDOR) vulnerability↗2024-11-01

▶