Strangerstudios Paid_memberships_pro
24 CVEs affecting Strangerstudios Paid_memberships_pro. Latest disclosed: 2024-11-01. Critical: 2, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-23488 | Critical | 9.8 | 2023-01-20 | The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpr… |
| CVE-2021-25114 | Critical | 9.8 | 2022-02-07 | The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST routes (available to unauthenticated users) before u… |
| CVE-2023-0631 | High | 8.8 | 2023-03-20 | The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL… |
| CVE-2021-20678 | High | 8.8 | 2021-03-18 | SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via uns… |
| CVE-2024-37486 | High | 7.6 | 2024-07-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro. This issue affects Paid Memberships… |
| CVE-2024-37277 | High | 7.5 | 2024-11-01 | Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly Constrained by ACLs. This iss… |
| CVE-2023-6187 | High | 7.5 | 2023-11-18 | The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_sess… |
| CVE-2020-5579 | High | 7.2 | 2020-05-20 | SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via uns… |
| CVE-2024-1287 | Medium | 6.5 | 2024-07-30 | The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive informat… |
| CVE-2021-24979 | Medium | 6.1 | 2021-12-27 | The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a… |
| CVE-2015-5532 | Medium | 6.1 | 2017-10-23 | Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject ar… |
| CVE-2023-39990 | Medium | 5.4 | 2024-06-19 | Missing Authorization vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through 1.2.3. |
| CVE-2024-1407 | Medium | 5.4 | 2024-06-19 | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all… |
| CVE-2024-32793 | Medium | 5.4 | 2024-04-24 | Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through 2.12.10. |
| CVE-2022-4830 | Medium | 5.4 | 2023-02-13 | The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, w… |
| CVE-2024-3215 | Medium | 5.3 | 2024-05-02 | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all… |
| CVE-2024-0624 | Medium | 5.3 | 2024-01-25 | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all… |
| CVE-2023-6855 | Medium | 5.3 | 2024-01-11 | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of memb… |
| CVE-2024-1286 | Medium | 4.9 | 2024-07-30 | The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users… |
| CVE-2024-32794 | Medium | 4.3 | 2024-04-24 | Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through 2.12.10. |