Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Strangerstudios Subscribe
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-28419 1 Strangerstudios 1 Force Display Name 2023-11-16 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Stranger Studios Force First and Last Name as Display Name plugin <= 1.2 versions.
CVE-2021-25114 1 Strangerstudios 1 Paid Memberships Pro 2022-02-10 7.5 HIGH 9.8 CRITICAL
The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection
CVE-2021-24979 1 Strangerstudios 1 Paid Memberships Pro 2022-01-06 4.3 MEDIUM 6.1 MEDIUM
The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
CVE-2015-5532 1 Strangerstudios 1 Paid Memberships Pro 2021-04-06 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php.
CVE-2014-8801 1 Strangerstudios 1 Paid Memberships Pro 2021-03-23 5.0 MEDIUM N/A
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.
CVE-2020-5579 1 Strangerstudios 1 Paid Memberships Pro 2021-03-23 6.5 MEDIUM 7.2 HIGH
SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.