cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1407,https://securityvulnerability.io/vulnerability/CVE-2024-1407,Cross-Site Request Forgery Vulnerability in Paid Memberships Pro,"The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to subscribe to, modify, or cancel membership for a user via a forged request granted they can trick a user into performing an action such as clicking on a link.",Wordpress,"Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-19T06:55:47.195Z,0
CVE-2024-3215,https://securityvulnerability.io/vulnerability/CVE-2024-3215,Cross-Site Request Forgery Vulnerability in Paid Memberships Pro Plugin,"The Paid Memberships Pro plugin for WordPress, which facilitates content restriction and user registration, contains a vulnerability due to improper nonce validation in the pmpro_update_level_group_order() function. This allows unauthenticated attackers to exploit the inadequacy by tricking site administrators into executing unwanted actions. Specifically, by crafting a forged request, attackers could manipulate order levels on affected sites, compromising the security and integrity of user content and subscriptions.",Wordpress,"Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions",4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-05-02T16:52:29.758Z,0
CVE-2024-0588,https://securityvulnerability.io/vulnerability/CVE-2024-0588,Cross-Site Request Forgery Vulnerability in Paid Memberships Pro Plugin for WordPress,"The Paid Memberships Pro plugin for WordPress is susceptible to a Cross-Site Request Forgery (CSRF) attack, specifically in versions up to and including 2.12.10. This vulnerability arises from a lack of necessary nonce validation within the pmpro_lifter_save_streamline_option() function. Unscrupulous actors can exploit this flaw by tricking a site administrator into executing unintended actions, such as clicking on a malicious link, which may enable the streamlined setting of Lifter LMS without proper authentication.",Wordpress,"Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions",4.3,MEDIUM,0.0004299999854993075,false,,false,false,true,true,false,false,2024-04-09T18:58:54.999Z,0
CVE-2024-0624,https://securityvulnerability.io/vulnerability/CVE-2024-0624,Cross-Site Request Forgery in Paid Memberships Pro Plugin for WordPress,"The Paid Memberships Pro plugin for WordPress contains a vulnerability due to inadequate nonce validation in the pmpro_update_level_order() function. This allows unauthenticated attackers to potentially change membership levels by crafting a forged request if they manage to trick an administrator into clicking a malicious link. This issue affects all versions up to and including 2.12.7, posing risks to the integrity of user memberships and system security.",Wordpress,"Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions",5.3,MEDIUM,0.0006500000017695129,false,,false,false,true,true,false,false,2024-01-25T02:15:00.000Z,0
CVE-2023-6855,https://securityvulnerability.io/vulnerability/CVE-2023-6855,Unauthenticated Membership Level Modification in Paid Memberships Pro Plugin for WordPress,"The Paid Memberships Pro plugin for WordPress contains a vulnerability that allows unauthenticated attackers to modify membership levels. This flaw arises due to an insufficient capability check within the pmpro_rest_api_get_permissions_check function. Attackers can exploit this weakness in all versions up to 2.12.5, leading to unauthorized alterations in membership levels and associated pricing structures. It is crucial for users of this plugin to update to a patched version to prevent potential exploitation.",Wordpress,"Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions",5.3,MEDIUM,0.0024300001095980406,false,,false,false,false,,false,false,2024-01-11T08:32:31.855Z,0
CVE-2023-6187,https://securityvulnerability.io/vulnerability/CVE-2023-6187,Arbitrary File Upload Vulnerability in Paid Memberships Pro Plugin for WordPress,"The Paid Memberships Pro plugin for WordPress is affected by a vulnerability allowing authenticated users with subscriber privileges or higher to upload arbitrary files. This occurs due to inadequate file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function. If the payment method is set to PayPal Express or the deprecated 2Checkout and a custom user field is configured to be visible in the profile, attackers can exploit this vulnerability to potentially execute remote code on the affected site's server.",Wordpress,"Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions",8.8,HIGH,0.003470000112429261,false,,false,false,false,,false,false,2023-11-18T02:15:00.000Z,0
CVE-2020-36754,https://securityvulnerability.io/vulnerability/CVE-2020-36754,Cross-Site Request Forgery in Paid Memberships Pro Plugin for WordPress,"The Paid Memberships Pro plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to improper nonce validation within the pmpro_page_save() function. An unauthenticated attacker could exploit this vulnerability by tricking an administrator into clicking a malicious link, thereby manipulating page data without authorization. This raises significant security concerns for systems utilizing this plugin, especially in scenarios where user permissions are not strictly managed.",Wordpress,"Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions",4.3,MEDIUM,0.0014700000174343586,false,,false,false,false,,false,false,2023-10-20T07:29:34.539Z,0