Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions

Information

Software Type Plugin
Software Slug paid-memberships-pro (view on wordpress.org)
Software Status Active
Software Author strangerstudios
Software Website www.paidmembershipspro.com
Software Downloads 6,000,076
Software Active Installs 90,000
Software Record Last Updated July 26, 2024

Showing 1-20 of 25 Vulnerabilities

Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection
9.8
CVE-2023-23488
Jan 12, 2023
Researcher: Joshua Martinelle
Paid Memberships Pro <= 2.6.6 - Unauthenticated SQL Injection
9.8
CVE-2021-25114
Jan 7, 2022
Researcher: Krzysztof Zając
Paid Memberships Pro <= 3.0.5 - Authenticated (Administrator+) SQL Injection
9.1
CVE-2024-37486
Jul 4, 2024
Researcher: Trương Hữu Phúc (truonghuuphuc)
Paid Memberships Pro <= 2.5.5 - Authenticated SQL Injection
8.8
CVE-2021-20678
Mar 5, 2021
Researcher: Gen Sato
Paid Memberships Pro <= 2.9.11 - Authenticated (Subscriber+) SQL Injection via Shortcodes
7.7
CVE-2023-0631
Feb 28, 2023
Researcher: Marc-Alexandre Montpas
Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload
7.5
CVE-2023-6187
Nov 16, 2023
Researcher: István Márton
Paid Memberships Pro < 1.7.15 - Directory Traversal
7.5
CVE-2014-8801
Nov 14, 2014
Researcher: Kacper Szurek
Paid Memberships Pro <= 2.0.5 - Open Redirect
7.2
CVE ID Unknown
Jun 1, 2019
Researchers:
Paid Memberships Pro <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2022-4830
Jan 23, 2023
Researcher: István Márton
Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.9.1 - Cross-Site Scripting
6.4
CVE ID Unknown
Jun 25, 2021
Researcher: Scott Kingsley Clark
Paid Memberships Pro <= 2.5.0 - Cross-Site Scripting
6.4
CVE ID Unknown
Nov 16, 2020
Researcher: Ron Masas from Checkmarx.com
Paid Memberships Pro <= 2.6.5 - Reflected Cross-Site Scripting
6.1
CVE-2021-24979
Nov 23, 2021
Researcher: ZhongFu Su
Paid Memberships Pro < 1.8.4.3 - Multiple Cross-Site Scripting
6.1
CVE-2015-5532
Jul 22, 2015
Researcher: High-Tech Bridge Security Research Lab
Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification
5.4
CVE-2024-1407
Jun 18, 2024
Researcher: Colin Xu
Paid Memberships Pro <= 3.0.4 - Unauthenticated Insecure Direct Object Reference to Order Status Update
5.3
CVE-2024-37277
Jun 28, 2024
Researcher: Rafie Muhammad
Paid Memberships Pro <= 3.0.1 - Cross-Site Request Forgery
5.3
CVE-2024-3215
Apr 15, 2024
Researcher: Whit Taylor
Paid Memberships Pro <= 2.12.8 - Authenticated (Contributor+) User Meta Disclosure
5.3
CVE ID Unknown
Feb 8, 2024
Researcher: Scott Kingsley Clark
Paid Memberships Pro <= 2.12.7 - Cross-Site Request Forgery to Level Orders Update
5.3
CVE-2024-0624
Jan 24, 2024
Researcher: kodaichodai
Paid Memberships Pro <= 2.12.6 - Information Exposure in Debug Logs
5.3
CVE ID Unknown
Jan 12, 2024
Researchers:
Paid Memberships Pro <= 2.12.5 - Missing Authorization via API
5.3
CVE-2023-6855
Dec 21, 2023
Researcher: Webbernaut
Title Status CVE ID CVSS Researchers Date
Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection Patched CVE-2023-23488 9.8 Joshua Martinelle January 12, 2023
Paid Memberships Pro <= 2.6.6 - Unauthenticated SQL Injection Patched CVE-2021-25114 9.8 Krzysztof Zając January 7, 2022
Paid Memberships Pro <= 3.0.5 - Authenticated (Administrator+) SQL Injection Patched CVE-2024-37486 9.1 Trương Hữu Phúc (truonghuuphuc) July 4, 2024
Paid Memberships Pro <= 2.5.5 - Authenticated SQL Injection Patched CVE-2021-20678 8.8 Gen Sato March 5, 2021
Paid Memberships Pro <= 2.9.11 - Authenticated (Subscriber+) SQL Injection via Shortcodes Patched CVE-2023-0631 7.7 Marc-Alexandre Montpas February 28, 2023
Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload Patched CVE-2023-6187 7.5 István Márton November 16, 2023
Paid Memberships Pro < 1.7.15 - Directory Traversal Patched CVE-2014-8801 7.5 Kacper Szurek November 14, 2014
Paid Memberships Pro <= 2.0.5 - Open Redirect Patched 7.2 June 1, 2019
Paid Memberships Pro <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Patched CVE-2022-4830 6.4 István Márton January 23, 2023
Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.9.1 - Cross-Site Scripting Patched 6.4 Scott Kingsley Clark June 25, 2021
Paid Memberships Pro <= 2.5.0 - Cross-Site Scripting Patched 6.4 Ron Masas from Checkmarx.com November 16, 2020
Paid Memberships Pro <= 2.6.5 - Reflected Cross-Site Scripting Patched CVE-2021-24979 6.1 ZhongFu Su November 23, 2021
Paid Memberships Pro < 1.8.4.3 - Multiple Cross-Site Scripting Patched CVE-2015-5532 6.1 High-Tech Bridge Security Research Lab July 22, 2015
Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification Patched CVE-2024-1407 5.4 Colin Xu June 18, 2024
Paid Memberships Pro <= 3.0.4 - Unauthenticated Insecure Direct Object Reference to Order Status Update Patched CVE-2024-37277 5.3 Rafie Muhammad June 28, 2024
Paid Memberships Pro <= 3.0.1 - Cross-Site Request Forgery Patched CVE-2024-3215 5.3 Whit Taylor April 15, 2024
Paid Memberships Pro <= 2.12.8 - Authenticated (Contributor+) User Meta Disclosure Patched 5.3 Scott Kingsley Clark February 8, 2024
Paid Memberships Pro <= 2.12.7 - Cross-Site Request Forgery to Level Orders Update Patched CVE-2024-0624 5.3 kodaichodai January 24, 2024
Paid Memberships Pro <= 2.12.6 - Information Exposure in Debug Logs Patched 5.3 January 12, 2024
Paid Memberships Pro <= 2.12.5 - Missing Authorization via API Patched CVE-2023-6855 5.3 Webbernaut December 21, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation