Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions

Information

Software Type Plugin
Software Slug paid-memberships-pro (view on wordpress.org)
Software Status Active
Software Author strangerstudios
Software Website www.paidmembershipspro.com
Software Downloads 5,859,056
Software Active Installs 90,000
Software Record Last Updated June 15, 2024

Showing 1-20 of 22 Vulnerabilities

5.3
CVE ID Unknown
Jan 12, 2024
Researchers:
7.2
CVE ID Unknown
Jun 1, 2019
Researchers:
Title Status CVE ID CVSS Researchers Date
Paid Memberships Pro <= 3.0.1 - Cross-Site Request Forgery Patched CVE-2024-3215 5.3 Whit Taylor April 15, 2024
Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery Patched CVE-2024-0588 4.3 kodaichodai March 25, 2024
Paid Memberships Pro <= 2.12.8 - Authenticated (Contributor+) Information Disclosure via Shortcode Patched CVE-2024-1279 4.3 Scott Kingsley Clark February 16, 2024
Paid Memberships Pro <= 2.12.8 - Authenticated (Contributor+) User Meta Disclosure Patched 5.3 Scott Kingsley Clark February 8, 2024
Paid Memberships Pro <= 2.12.7 - Cross-Site Request Forgery to Level Orders Update Patched CVE-2024-0624 5.3 kodaichodai January 24, 2024
Paid Memberships Pro <= 2.12.6 - Information Exposure in Debug Logs Patched 5.3 January 12, 2024
Paid Memberships Pro <= 2.12.5 - Missing Authorization via API Patched CVE-2023-6855 5.3 Webbernaut December 21, 2023
Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload Patched CVE-2023-6187 7.5 István Márton November 16, 2023
Paid Memberships Pro <= 2.9.11 - Authenticated (Subscriber+) SQL Injection via Shortcodes Patched CVE-2023-0631 7.7 Marc-Alexandre Montpas February 28, 2023
Paid Memberships Pro <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Patched CVE-2022-4830 6.4 István Márton January 23, 2023
Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection Patched CVE-2023-23488 9.8 Joshua Martinelle January 12, 2023
Paid Memberships Pro <= 2.6.6 - Unauthenticated SQL Injection Patched CVE-2021-25114 9.8 Krzysztof Zając January 7, 2022
Paid Memberships Pro <= 2.6.5 - Reflected Cross-Site Scripting Patched CVE-2021-24979 6.1 ZhongFu Su November 23, 2021
Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.9.1 - Cross-Site Scripting Patched 6.4 Scott Kingsley Clark June 25, 2021
Paid Memberships Pro <= 2.5.5 - Authenticated SQL Injection Patched CVE-2021-20678 8.8 Gen Sato March 5, 2021
Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.2 - IDOR to Sensitive Information Disclosure Patched 4.3 January 6, 2021
Paid Memberships Pro <= 2.5.0 - Cross-Site Scripting Patched 6.4 Ron Masas from Checkmarx.com November 16, 2020
Paid Memberships Pro <= 2.4.2 - Cross-Site Request Forgery Bypass Patched CVE-2020-36754 4.3 Jerome Bruandet September 16, 2020
Paid Memberships Pro < 2.3.3 - Authenticated SQL Injection Patched CVE-2020-5579 4.7 Kenichi Okuno (Mitsui Bussan Secure Directions) May 19, 2020
Paid Memberships Pro <= 2.0.5 - Open Redirect Patched 7.2 June 1, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation