Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions

Information

Software Type Plugin
Software Slug paid-memberships-pro (view on wordpress.org)
Software Status Removed
Software Author strangerstudios
Software Website www.paidmembershipspro.com
Software Downloads 6,285,592
Software Active Installs 90,000
Software Record Last Updated December 22, 2024

Showing 1-20 of 26 Vulnerabilities

5.3
CVE ID Unknown
Jan 12, 2024
Researchers:
Title Status CVE ID CVSS Researchers Date
Paid Memberships Pro <= 3.0.5 - Authenticated (Administrator+) SQL Injection Patched CVE-2024-37486 9.1 Trương Hữu Phúc (truonghuuphuc) July 4, 2024
Paid Memberships Pro <= 3.0.4 - Unauthenticated Insecure Direct Object Reference to Order Status Update Patched CVE-2024-37277 5.3 Rafie Muhammad June 28, 2024
Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification Patched CVE-2024-1407 5.4 Colin Xu June 18, 2024
Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery Patched CVE-2024-32793 5.4 Majed Refaea April 22, 2024
Paid Memberships Pro <= 3.0.1 - Cross-Site Request Forgery Patched CVE-2024-3215 5.3 Whit Taylor April 15, 2024
Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery Patched CVE-2024-0588 4.3 kodaichodai March 25, 2024
Paid Memberships Pro <= 2.12.8 - Authenticated (Contributor+) Information Disclosure via Shortcode Patched CVE-2024-1279 4.3 Scott Kingsley Clark February 16, 2024
Paid Memberships Pro <= 2.12.8 - Authenticated (Contributor+) User Meta Disclosure Patched 5.3 Scott Kingsley Clark February 8, 2024
Paid Memberships Pro <= 2.12.7 - Cross-Site Request Forgery to Level Orders Update Patched CVE-2024-0624 5.3 kodaichodai January 24, 2024
Paid Memberships Pro <= 2.12.6 - Information Exposure in Debug Logs Patched 5.3 January 12, 2024
Paid Memberships Pro <= 2.12.5 - Missing Authorization via API Patched CVE-2023-6855 5.3 Webbernaut December 21, 2023
Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload Patched CVE-2023-6187 7.5 István Márton November 16, 2023
Paid Memberships Pro <= 2.9.11 - Authenticated (Subscriber+) SQL Injection via Shortcodes Patched CVE-2023-0631 7.7 Marc-Alexandre Montpas February 28, 2023
Paid Memberships Pro <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Patched CVE-2022-4830 6.4 István Márton January 23, 2023
Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection Patched CVE-2023-23488 9.8 Joshua Martinelle January 12, 2023
Paid Memberships Pro <= 2.6.6 - Unauthenticated SQL Injection Patched CVE-2021-25114 9.8 Krzysztof Zając January 7, 2022
Paid Memberships Pro <= 2.6.5 - Reflected Cross-Site Scripting Patched CVE-2021-24979 6.1 ZhongFu Su November 23, 2021
Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.9.1 - Cross-Site Scripting Patched 6.4 Scott Kingsley Clark June 25, 2021
Paid Memberships Pro <= 2.5.5 - Authenticated SQL Injection Patched CVE-2021-20678 8.8 Gen Sato March 5, 2021
Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.2 - IDOR to Sensitive Information Disclosure Patched 4.3 January 6, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation