Product
strangerstudios paid memberships pro
25 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-37277
CVE-2024-1287
CVE-2024-1286
CVE-2024-37486
CVE-2023-39990
CVE-2024-1407
CVE-2024-3215
CVE-2024-32794
CVE-2024-32793
CVE-2024-0588
CVE-2024-1279
CVE-2024-0624
CVE-2023-6855
CVE-2023-6187
CVE-2020-36754
CVE-2023-0631
CVE-2022-4830
CVE-2022-4831
CVE-2023-23488
CVE-2021-25114
CVE-2021-24979
CVE-2021-20678
CVE-2020-5579
CVE-2015-5532
CVE-2014-8801
< 3.0.5
Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly
< 1.2.6
The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking ot
< 0.7
The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensi
< 3.0.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro.This is
< 1.2.4
Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 1.2.3.
< 3.0
The Paid Memberships Pro - Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cros
< 3.0.2
The Paid Memberships Pro - Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cros
< 3.0
Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through
< 3.0
Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through
< 3.0
The Paid Memberships Pro - Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cros
< 2.12.9
The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking othe
<= 2.12.7
The Paid Memberships Pro - Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cros
<= 2.12.5
The Paid Memberships Pro - Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unau
<= 2.12.3
The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in
<= 2.4.2
The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2
< 2.9.12
The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate at
< 2.9.9
The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before output
< 1.8.1
The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortc
< 2.9.8
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the '
>= 2.4 and < 2.4.5
The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to un
< 2.6.6
The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute i
< 2.5.6
SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute a
< 2.3.3
SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute a
< 1.8.4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow
< 1.7.15
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows re