Strangerstudios Paid Memberships Pro — known CVE vulnerabilities
Every CVE whose affected-product data names Strangerstudios Paid Memberships Pro, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2021-25114 — CVSS 9.8 (critical): The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to…
CVE-2023-23488 — CVSS 9.8 (critical): The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code'…
CVE-2023-0631 — CVSS 8.8 (high): The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes…
CVE-2021-20678 — CVSS 8.8 (high): SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary…
CVE-2024-37486 — CVSS 7.6 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro.This issue…
CVE-2023-6187 — CVSS 7.5 (high): The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the…
CVE-2024-37277 — CVSS 7.5 (high): Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly…
CVE-2020-5579 — CVSS 7.2 (high): SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary…
CVE-2024-1287 — CVSS 6.5 (medium): The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other…
CVE-2021-24979 — CVSS 6.1 (medium): The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an…
CVE-2015-5532 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote…
CVE-2022-4830 — CVSS 5.4 (medium): The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them…
CVE-2024-1407 — CVSS 5.4 (medium): The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site…
CVE-2023-39990 — CVSS 5.4 (medium): Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 1.2.3.
CVE-2024-32793 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10.
CVE-2023-6855 — CVSS 5.3 (medium): The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to…
CVE-2024-0624 — CVSS 5.3 (medium): The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site…
CVE-2024-3215 — CVSS 5.3 (medium): The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site…
CVE-2014-8801 — CVSS 5.0 (medium): Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote…
CVE-2024-1286 — CVSS 4.9 (medium): The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive…
CVE-2024-1279 — CVSS 4.3 (medium): The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users'…
CVE-2020-36754 — CVSS 4.3 (medium): The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is…
CVE-2024-0588 — CVSS 4.3 (medium): The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site…
CVE-2024-32794 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10.