Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions

Information

Software Type Plugin
Software Slug paid-memberships-pro (view on wordpress.org)
Software Status Active
Software Author strangerstudios
Software Website www.paidmembershipspro.com
Software Downloads 5,608,591
Software Active Installs 90,000
Software Record Last Updated February 27, 2024

19 Vulnerabilities

5.3
CVE ID Unknown
Jan 12, 2024
Researchers:
7.2
CVE ID Unknown
Jun 1, 2019
Researchers:
Title CVE ID CVSS Researchers Date
Paid Memberships Pro <= 2.12.8 - Authenticated (Contributor+) User Meta Disclosure 5.3 Scott Kingsley Clark February 8, 2024
Paid Memberships Pro <= 2.12.7 - Cross-Site Request Forgery to Level Orders Update CVE-2024-0624 5.3 kodaichodai January 24, 2024
Paid Memberships Pro <= 2.12.6 - Information Exposure in Debug Logs 5.3 January 12, 2024
Paid Memberships Pro <= 2.12.5 - Missing Authorization via API CVE-2023-6855 5.3 Webbernaut December 21, 2023
Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2023-6187 7.5 István Márton November 16, 2023
Paid Memberships Pro <= 2.9.11 - Authenticated (Subscriber+) SQL Injection via Shortcodes CVE-2023-0631 7.7 Marc-Alexandre Montpas February 28, 2023
Paid Memberships Pro <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-4830 6.4 István Márton January 23, 2023
Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection CVE-2023-23488 9.8 Joshua Martinelle January 12, 2023
Paid Memberships Pro <= 2.6.6 - Unauthenticated SQL Injection CVE-2021-25114 9.8 Krzysztof Zając January 7, 2022
Paid Memberships Pro <= 2.6.5 - Reflected Cross-Site Scripting CVE-2021-24979 6.1 ZhongFu Su November 23, 2021
Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.9.1 - Cross-Site Scripting 6.4 Scott Kingsley Clark June 25, 2021
Paid Memberships Pro <= 2.5.5 - Authenticated SQL Injection CVE-2021-20678 8.8 Gen Sato March 5, 2021
Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.2 - IDOR to Sensitive Information Disclosure 4.3 January 6, 2021
Paid Memberships Pro <= 2.5.0 - Cross-Site Scripting 6.4 Ron Masas from Checkmarx.com November 16, 2020
Paid Memberships Pro <= 2.4.2 - Cross-Site Request Forgery Bypass CVE-2020-36754 4.3 Jerome Bruandet September 16, 2020
Paid Memberships Pro < 2.3.3 - Authenticated SQL Injection CVE-2020-5579 4.7 Kenichi Okuno (Mitsui Bussan Secure Directions) May 19, 2020
Paid Memberships Pro <= 2.0.5 - Open Redirect 7.2 June 1, 2019
Paid Memberships Pro < 1.8.4.3 - Multiple Cross-Site Scripting CVE-2015-5532 6.1 High-Tech Bridge Security Research Lab July 22, 2015
Paid Memberships Pro < 1.7.15 - Directory Traversal CVE-2014-8801 7.5 Kacper Szurek November 14, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation