Paidmembershipspro Paid Memberships Pro
By the Year
In 2024 there have been 0 vulnerabilities in Paidmembershipspro Paid Memberships Pro . Last year Paid Memberships Pro had 3 security vulnerabilities published. Right now, Paid Memberships Pro is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 3 | 4.85 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 8.80 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Paid Memberships Pro vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Paidmembershipspro Paid Memberships Pro Security Vulnerabilities
The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2
CVE-2020-36754
4.3 - Medium
- October 20, 2023
The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Session Riding
** REJECT ** CVE split into individual CVE IDs for each software record.
CVE-2021-4342
- June 07, 2023
** REJECT ** CVE split into individual CVE IDs for each software record.
The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could
CVE-2022-4830
5.4 - Medium
- February 13, 2023
The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
XSS
SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6
CVE-2021-20678
8.8 - High
- March 18, 2021
SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
SQL Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Strangerstudios Paid Memberships Pro or by Paidmembershipspro? Click the Watch button to subscribe.
