Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions

Information

Software Type Plugin
Software Slug paid-memberships-pro (view on wordpress.org)
Software Status Active
Software Author strangerstudios
Software Website www.paidmembershipspro.com
Software Downloads 4,983,400
Software Active Installs 100,000
Software Record Last Updated May 30, 2023

14 vulnerabilities

Paid Memberships Pro <= 2.9.11 - Authenticated (Subscriber+) SQL Injection via Shortcodes
7.7
CVE-2023-0631
Feb 28, 2023
Researcher: Marc-Alexandre Montpas
Paid Memberships Pro <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2022-4830
Jan 23, 2023
Researcher: Lana Codes
Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection
9.8
CVE-2023-23488
Jan 12, 2023
Researcher: Joshua Martinelle
Paid Memberships Pro <= 2.6.6 - Unauthenticated SQL Injection
9.8
CVE-2021-25114
Jan 7, 2022
Researcher: Krzysztof Zając
Paid Memberships Pro <= 2.6.5 - Reflected Cross-Site Scripting
6.1
CVE-2021-24979
Nov 23, 2021
Researcher: ZhongFu Su
Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.9.1 - Cross-Site Scripting
6.4
CVE ID Unknown
Jun 25, 2021
Researcher: Scott Kingsley Clark
Paid Memberships Pro <= 2.5.5 - Authenticated SQL Injection
8.8
CVE-2021-20678
Mar 5, 2021
Researcher: Gen Sato
Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.2 - IDOR to Sensitive Information Disclosure
4.3
CVE ID Unknown
Jan 6, 2021
Researchers:
Paid Memberships Pro <= 2.5.0 - Cross-Site Scripting
6.4
CVE ID Unknown
Nov 16, 2020
Researcher: Ron Masas from Checkmarx.com
Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass
8.8
CVE ID Unknown
Sep 26, 2020
Researcher: Jerome Bruandet
Paid Memberships Pro < 2.3.3 - Authenticated SQL Injection
4.7
CVE-2020-5579
May 19, 2020
Researcher: Kenichi Okuno (Mitsui Bussan Secure Directions)
Paid Memberships Pro <= 2.0.5 - Open Redirect
7.2
CVE ID Unknown
Jun 1, 2019
Researchers:
Paid Memberships Pro < 1.8.4.3 - Multiple Cross-Site Scripting
6.1
CVE-2015-5532
Jul 22, 2015
Researcher: High-Tech Bridge Security Research Lab
Paid Memberships Pro < 1.7.15 - Directory Traversal
7.5
CVE-2014-8801
Nov 14, 2014
Researcher: Kacper Szurek
Title CVE ID CVSS Researchers Date
Paid Memberships Pro <= 2.9.11 - Authenticated (Subscriber+) SQL Injection via Shortcodes CVE-2023-0631 7.7 Marc-Alexandre Montpas February 28, 2023
Paid Memberships Pro <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-4830 6.4 Lana Codes January 23, 2023
Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection CVE-2023-23488 9.8 Joshua Martinelle January 12, 2023
Paid Memberships Pro <= 2.6.6 - Unauthenticated SQL Injection CVE-2021-25114 9.8 Krzysztof Zając January 7, 2022
Paid Memberships Pro <= 2.6.5 - Reflected Cross-Site Scripting CVE-2021-24979 6.1 ZhongFu Su November 23, 2021
Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.9.1 - Cross-Site Scripting 6.4 Scott Kingsley Clark June 25, 2021
Paid Memberships Pro <= 2.5.5 - Authenticated SQL Injection CVE-2021-20678 8.8 Gen Sato March 5, 2021
Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.2 - IDOR to Sensitive Information Disclosure 4.3 January 6, 2021
Paid Memberships Pro <= 2.5.0 - Cross-Site Scripting 6.4 Ron Masas from Checkmarx.com November 16, 2020
Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass 8.8 Jerome Bruandet September 26, 2020
Paid Memberships Pro < 2.3.3 - Authenticated SQL Injection CVE-2020-5579 4.7 Kenichi Okuno (Mitsui Bussan Secure Directions) May 19, 2020
Paid Memberships Pro <= 2.0.5 - Open Redirect 7.2 June 1, 2019
Paid Memberships Pro < 1.8.4.3 - Multiple Cross-Site Scripting CVE-2015-5532 6.1 High-Tech Bridge Security Research Lab July 22, 2015
Paid Memberships Pro < 1.7.15 - Directory Traversal CVE-2014-8801 7.5 Kacper Szurek November 14, 2014

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation