| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-37277 | WordPress Paid Memberships Pro plugin <= 3.0.4 - Insecure Direct Object References (IDOR) vulnerability | Paid Memberships Pro | Paid Memberships Pro | High | 7.5 | 2024-11-01 14:18:27 | Deep Dive |
| CVE-2024-37486 | WordPress Paid Memberships Pro plugin <= 3.0.5 - Authenticated SQL Injection vulnerability | Paid Memberships Pro | Paid Memberships Pro | High | 7.6 | 2024-07-09 09:01:13 | Deep Dive |
| CVE-2023-39990 | WordPress Paid Memberships Pro plugin <= 1.2.3 - Broken Access Control vulnerability | Paid Memberships Pro | Paid Memberships Pro | Medium | 5.4 | 2024-06-19 12:08:57 | Deep Dive |
| CVE-2023-40608 | WordPress Paid Memberships Pro CCBill Gateway plugin <= 0.3 - Unauthenticated Broken Access Control vulnerability | Paid Memberships Pro | Paid Memberships Pro CCBill Gateway | High | 8.2 | 2024-06-19 11:51:47 | Deep Dive |
| CVE-2024-1407 | Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 5.4 | 2024-06-19 06:55:47 | Deep Dive |
| CVE-2024-3215 | Paid Memberships Pro <= 3.0.1 - Cross-Site Request Forgery | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 5.3 | 2024-05-02 16:52:30 | Deep Dive |
| CVE-2024-32793 | WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability | Paid Memberships Pro | Paid Memberships Pro | Medium | 5.4 | 2024-04-24 14:56:56 | Deep Dive |
| CVE-2024-32794 | WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability | Paid Memberships Pro | Paid Memberships Pro | Medium | 4.3 | 2024-04-24 14:55:50 | Deep Dive |
| CVE-2024-0588 | Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 4.3 | 2024-04-09 18:58:55 | Deep Dive |
| CVE-2024-30523 | WordPress Paid Memberships Pro – Mailchimp Add On plugin <= 2.3.4 - Sensitive Data Exposure vulnerability | Paid Memberships Pro | Paid Memberships Pro – Mailchimp Add On | Medium | 5.3 | 2024-03-31 18:11:22 | Deep Dive |
| CVE-2024-30514 | WordPress Paid Memberships Pro – Payfast Gateway Add On plugin <= 1.4.1 - Sensitive Data Exposure via Log File vulnerability | Paid Memberships Pro | Paid Memberships Pro – Payfast Gateway Add On | Medium | 5.3 | 2024-03-29 15:40:19 | Deep Dive |
| CVE-2024-1279 | Paid Memberships Pro < 2.12.9 - Contributor+ Arbitrary User Custom Field Disclosure | Unknown | Paid Memberships Pro | - | - | 2024-03-11 17:56:07 | Deep Dive |
| CVE-2024-0624 | Paid Memberships Pro <= 2.12.7 - Cross-Site Request Forgery to Level Orders Update | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 5.3 | 2024-01-25 01:55:03 | Deep Dive |
| CVE-2023-6855 | Paid Memberships Pro <= 2.12.5 - Missing Authorization via API | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 5.3 | 2024-01-11 08:32:32 | Deep Dive |
| CVE-2023-6187 | Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | High | 7.5 | 2023-11-18 01:54:35 | Deep Dive |
| CVE-2020-36754 | Paid Memberships Pro <= 2.4.2 - Cross-Site Request Forgery Bypass | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 4.3 | 2023-10-20 07:29:35 | Deep Dive |
| CVE-2023-0631 | Paid Memberships Pro < 2.9.12 - Subscriber+ SQL Injection | Unknown | Paid Memberships Pro | 高危 | - | 2023-03-20 15:52:11 | Deep Dive |
| CVE-2022-4830 | Paid Memberships Pro < 2.9.9 - Contributor+ Stored XSS via Shortcode | Unknown | Paid Memberships Pro | 中危 | - | 2023-02-13 14:32:31 | Deep Dive |
| CVE-2022-4831 | Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro < 1.8.1 - Contributor+ Stored XSS via Shortcode | Unknown | Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro | 中危 | - | 2023-01-30 20:31:56 | Deep Dive |
| CVE-2023-23488 | WordPress Plugin The Paid Memberships Pro SQL注入漏洞 | - | Paid Memberships Pro WordPress Plugin | 超危 | - | 2023-01-20 00:00:00 | Deep Dive |