RSS   Vulnerabilities for 'Paid memberships pro'   RSS

2021-03-18
 
CVE-2021-20678

CWE-89
 

 
SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

 
2020-05-20
 
CVE-2020-5579

CWE-89
 

 
SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.

 
2017-10-23
 
CVE-2015-5532

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php.

 
2014-11-28
 
CVE-2014-8801

 

 
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top