All 7 CVE vulnerabilities found in Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions, with AI-generated Chinese analysis, references, and POCs.
Vendor: strangerstudios
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-1407 | Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification CWE-352 | 5.4 | Medium | 2024-06-19 |
| CVE-2024-3215 | Paid Memberships Pro <= 3.0.1 - Cross-Site Request Forgery CWE-352 | 5.3 | Medium | 2024-05-02 |
| CVE-2024-0588 | Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery CWE-352 | 4.3 | Medium | 2024-04-09 |
| CVE-2024-0624 | Paid Memberships Pro <= 2.12.7 - Cross-Site Request Forgery to Level Orders Update CWE-352 | 5.3 | Medium | 2024-01-25 |
| CVE-2023-6855 | Paid Memberships Pro <= 2.12.5 - Missing Authorization via API CWE-862 | 5.3 | Medium | 2024-01-11 |
| CVE-2023-6187 | Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload CWE-434 | 7.5 | High | 2023-11-18 |
| CVE-2020-36754 | Paid Memberships Pro <= 2.4.2 - Cross-Site Request Forgery Bypass CWE-352 | 4.3 | Medium | 2023-10-20 |
All 7 known CVE vulnerabilities affecting Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions with full Chinese analysis, references, and POCs where available.