Strangerstudios Paid Memberships Pro vulnerabilities
24 known vulnerabilities affecting strangerstudios/paid_memberships_pro.
Total CVEs
24
CISA KEV
0
Public exploits
4
Exploited in wild
2
Severity breakdown
CRITICAL3HIGH8MEDIUM13
Vulnerabilities
Page 2 of 2
CVE-2024-1279P4MEDIUMCVSS 4.3fixed in 2.12.92024-03-11
CVE-2024-1279 [MEDIUM] CWE-284 CVE-2024-1279: The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the cont
The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.
nvd
CVE-2024-0588P4MEDIUMCVSS 4.3fixed in 3.02024-04-09
CVE-2024-0588 [MEDIUM] CWE-352 CVE-2024-0588: The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for W
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to en
nvd
CVE-2020-36754P4MEDIUMCVSS 4.3≤ 2.4.22023-10-20
CVE-2020-36754 [MEDIUM] CWE-352 CVE-2020-36754: The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versio
The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator i
nvd
CVE-2024-3215P4MEDIUMCVSS 4.3fixed in 3.0.22024-05-02
CVE-2024-3215 [MEDIUM] CWE-352 CVE-2024-3215: The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for W
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the pmpro_update_level_group_order() function. This makes it possible for unauthenticated attackers
nvd
← Previous2 / 2