Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24979 | 1 Strangerstudios | 1 Paid Memberships Pro | 2022-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2015-5532 | 1 Strangerstudios | 1 Paid Memberships Pro | 2021-04-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php. | |||||
| CVE-2014-8801 | 1 Strangerstudios | 1 Paid Memberships Pro | 2021-03-23 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php. | |||||
| CVE-2020-5579 | 1 Strangerstudios | 1 Paid Memberships Pro | 2021-03-23 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | |||||