Strangerstudios Paid_memberships_pro

24 CVEs affecting Strangerstudios Paid_memberships_pro. Latest disclosed: 2024-11-01. Critical: 2, High: 6.

Top CVEs affecting Strangerstudios Paid_memberships_pro
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2023-23488 | Critical | 9.8 | 2023-01-20 | The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpr… |
| CVE-2021-25114 | Critical | 9.8 | 2022-02-07 | The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before u… |
| CVE-2023-0631 | High | 8.8 | 2023-03-20 | The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL… |
| CVE-2021-20678 | High | 8.8 | 2021-03-18 | SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via uns… |
| CVE-2024-37486 | High | 7.6 | 2024-07-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro. This issue affects Paid Memberships… |
| CVE-2024-37277 | High | 7.5 | 2024-11-01 | Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly Constrained by ACLs. This iss… |
| CVE-2023-6187 | High | 7.5 | 2023-11-18 | The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_sess… |
| CVE-2020-5579 | High | 7.2 | 2020-05-20 | SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via uns… |
| CVE-2024-1287 | Medium | 6.5 | 2024-07-30 | The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive informat… |
| CVE-2021-24979 | Medium | 6.1 | 2021-12-27 | The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a… |
| CVE-2015-5532 | Medium | 6.1 | 2017-10-23 | Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject ar… |
| CVE-2023-39990 | Medium | 5.4 | 2024-06-19 | Missing Authorization vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through 1.2.3. |
| CVE-2024-1407 | Medium | 5.4 | 2024-06-19 | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all… |
| CVE-2024-32793 | Medium | 5.4 | 2024-04-24 | Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through 2.12.10. |
| CVE-2022-4830 | Medium | 5.4 | 2023-02-13 | The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, w… |
| CVE-2024-3215 | Medium | 5.3 | 2024-05-02 | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all… |
| CVE-2024-0624 | Medium | 5.3 | 2024-01-25 | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all… |
| CVE-2023-6855 | Medium | 5.3 | 2024-01-11 | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of memb… |
| CVE-2024-1286 | Medium | 4.9 | 2024-07-30 | The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users… |
| CVE-2024-32794 | Medium | 4.3 | 2024-04-24 | Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through 2.12.10. |