Vulnerabilites related to strangerstudios - Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
cve-2023-6855
Vulnerability from cvelistv5
Published
2024-01-11 08:32
Modified
2024-08-02 08:42
Severity ?
EPSS score ?
Summary
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_get_permissions_check function in all versions up to 2.12.5 (inclusive). This makes it possible for unauthenticated attackers to change membership levels including prices.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions |
Version: * ≤ 2.12.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/383c7837-e7b7-4608-9cdc-91b7dbc7f4e2?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/rest-api.php#L528"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/rest-api.php#L997"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3011575/paid-memberships-pro/trunk/includes/rest-api.php?contextall=1\u0026old=2947813\u0026old_path=%2Fpaid-memberships-pro%2Ftrunk%2Fincludes%2Frest-api.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Paid Memberships Pro \u2013 Content Restriction, User Registration, \u0026 Paid Subscriptions",
"vendor": "strangerstudios",
"versions": [
{
"lessThanOrEqual": "2.12.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Craig Smith"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Paid Memberships Pro \u2013 Content Restriction, User Registration, \u0026 Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_get_permissions_check function in all versions up to 2.12.5 (inclusive). This makes it possible for unauthenticated attackers to change membership levels including prices."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-862 Missing Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T08:32:31.855Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/383c7837-e7b7-4608-9cdc-91b7dbc7f4e2?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/rest-api.php#L528"
},
{
"url": "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/rest-api.php#L997"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3011575/paid-memberships-pro/trunk/includes/rest-api.php?contextall=1\u0026old=2947813\u0026old_path=%2Fpaid-memberships-pro%2Ftrunk%2Fincludes%2Frest-api.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-21T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6855",
"datePublished": "2024-01-11T08:32:31.855Z",
"dateReserved": "2023-12-15T17:01:59.388Z",
"dateUpdated": "2024-08-02T08:42:08.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-36754
Vulnerability from cvelistv5
Published
2023-10-20 07:29
Modified
2024-08-04 17:37
Severity ?
EPSS score ?
Summary
The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions |
Version: * ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:06.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d74553a4-0ef7-4908-a2e8-5e0216f7b256?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2368689%40paid-memberships-pro\u0026new=2368689%40paid-memberships-pro\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Paid Memberships Pro \u2013 Content Restriction, User Registration, \u0026 Paid Subscriptions",
"vendor": "strangerstudios",
"versions": [
{
"lessThan": "2.4.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerome Bruandet"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T07:29:34.539Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d74553a4-0ef7-4908-a2e8-5e0216f7b256?source=cve"
},
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/"
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2368689%40paid-memberships-pro\u0026new=2368689%40paid-memberships-pro\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2020-09-16T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2020-36754",
"datePublished": "2023-10-20T07:29:34.539Z",
"dateReserved": "2023-07-11T18:06:26.367Z",
"dateUpdated": "2024-08-04T17:37:06.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-1407
Vulnerability from cvelistv5
Published
2024-06-19 06:55
Modified
2024-08-01 18:40
Severity ?
EPSS score ?
Summary
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to subscribe to, modify, or cancel membership for a user via a forged request granted they can trick a user into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions |
Version: * ≤ 2.12.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1407",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T17:18:06.645541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T17:18:12.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:20.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c46bcbd1-566d-4b21-84a1-f25e3df7ddc7?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/tags/2.12.10/includes/functions.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/strangerstudios/paid-memberships-pro/pull/2893"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/strangerstudios/paid-memberships-pro/pull/2839"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3058329%40paid-memberships-pro%2Ftrunk\u0026old=3033153%40paid-memberships-pro%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Paid Memberships Pro \u2013 Content Restriction, User Registration, \u0026 Paid Subscriptions",
"vendor": "strangerstudios",
"versions": [
{
"lessThanOrEqual": "2.12.10",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Colin Xu"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Paid Memberships Pro \u2013 Content Restriction, User Registration, \u0026 Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to subscribe to, modify, or cancel membership for a user via a forged request granted they can trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T06:55:47.195Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c46bcbd1-566d-4b21-84a1-f25e3df7ddc7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/tags/2.12.10/includes/functions.php"
},
{
"url": "https://github.com/strangerstudios/paid-memberships-pro/pull/2893"
},
{
"url": "https://github.com/strangerstudios/paid-memberships-pro/pull/2839"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3058329%40paid-memberships-pro%2Ftrunk\u0026old=3033153%40paid-memberships-pro%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-18T18:44:27.000+00:00",
"value": "Disclosed"
}
],
"title": "Paid Memberships Pro \u003c= 2.12.10 - Cross-Site Request Forgery to Membership Modification"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-1407",
"datePublished": "2024-06-19T06:55:47.195Z",
"dateReserved": "2024-02-09T16:38:25.211Z",
"dateUpdated": "2024-08-01T18:40:20.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0624
Vulnerability from cvelistv5
Published
2024-01-25 01:55
Modified
2024-10-18 15:24
Severity ?
EPSS score ?
Summary
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_update_level_order() function. This makes it possible for unauthenticated attackers to update the order of levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions |
Version: * ≤ 2.12.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae68d083-b6e2-409b-8c91-d4eb7e62dba9?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/services.php#L139"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3025164/paid-memberships-pro/tags/2.12.8/includes/services.php"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0624",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-25T15:47:39.655058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T15:24:41.407Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Paid Memberships Pro \u2013 Content Restriction, User Registration, \u0026 Paid Subscriptions",
"vendor": "strangerstudios",
"versions": [
{
"lessThanOrEqual": "2.12.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kodai Kubono"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Paid Memberships Pro \u2013 Content Restriction, User Registration, \u0026 Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_update_level_order() function. This makes it possible for unauthenticated attackers to update the order of levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T01:55:02.762Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae68d083-b6e2-409b-8c91-d4eb7e62dba9?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/services.php#L139"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3025164/paid-memberships-pro/tags/2.12.8/includes/services.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-24T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0624",
"datePublished": "2024-01-25T01:55:02.762Z",
"dateReserved": "2024-01-16T19:17:26.021Z",
"dateUpdated": "2024-10-18T15:24:41.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-3215
Vulnerability from cvelistv5
Published
2024-05-02 16:52
Modified
2024-08-01 20:05
Severity ?
EPSS score ?
Summary
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the pmpro_update_level_group_order() function. This makes it possible for unauthenticated attackers to update order levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions |
Version: * ≤ 3.0.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T18:38:02.815151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:32:25.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:07.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9ef7742-e6f8-4350-90e9-242d9d1b12a0?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3069136/paid-memberships-pro/trunk/includes/services.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Paid Memberships Pro \u2013 Content Restriction, User Registration, \u0026 Paid Subscriptions",
"vendor": "strangerstudios",
"versions": [
{
"lessThanOrEqual": "3.0.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Whit Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Paid Memberships Pro \u2013 Content Restriction, User Registration, \u0026 Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the pmpro_update_level_group_order() function. This makes it possible for unauthenticated attackers to update order levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-02T16:52:29.758Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9ef7742-e6f8-4350-90e9-242d9d1b12a0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3069136/paid-memberships-pro/trunk/includes/services.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-15T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-3215",
"datePublished": "2024-05-02T16:52:29.758Z",
"dateReserved": "2024-04-02T17:36:53.860Z",
"dateUpdated": "2024-08-01T20:05:07.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6187
Vulnerability from cvelistv5
Published
2023-11-18 01:54
Modified
2024-08-02 08:21
Severity ?
EPSS score ?
Summary
The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber privileges or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout according to its settings.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions |
Version: * ≤ 2.12.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5979f2eb-2ca8-4b06-814c-c4236bb81af0?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/tags/2.12.3/includes/fields.php#L564"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.paidmembershipspro.com/pmpro-update-2-12-4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2997319/paid-memberships-pro/tags/2.12.4/includes/functions.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2997319/paid-memberships-pro/tags/2.12.4/includes/fields.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Paid Memberships Pro \u2013 Content Restriction, User Registration, \u0026 Paid Subscriptions",
"vendor": "strangerstudios",
"versions": [
{
"lessThanOrEqual": "2.12.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the \u0027pmpro_paypalexpress_session_vars_for_user_fields\u0027 function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber privileges or above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible. This can be exploited if 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout according to its settings."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-18T01:54:35.162Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5979f2eb-2ca8-4b06-814c-c4236bb81af0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/paid-memberships-pro/tags/2.12.3/includes/fields.php#L564"
},
{
"url": "https://www.paidmembershipspro.com/pmpro-update-2-12-4/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2997319/paid-memberships-pro/tags/2.12.4/includes/functions.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2997319/paid-memberships-pro/tags/2.12.4/includes/fields.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-14T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-11-14T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-11-16T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6187",
"datePublished": "2023-11-18T01:54:35.162Z",
"dateReserved": "2023-11-17T12:09:54.958Z",
"dateUpdated": "2024-08-02T08:21:17.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0588
Vulnerability from cvelistv5
Published
2024-04-09 18:58
Modified
2024-08-01 18:11
Severity ?
EPSS score ?
Summary
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions |
Version: * ≤ 2.12.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-10T19:25:21.221778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:59:01.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd87d34-2e7f-4c75-8816-b39820309077?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3058329/paid-memberships-pro/tags/3.0/includes/compatibility/lifterlms.php?old=2952976\u0026old_path=paid-memberships-pro/trunk/includes/compatibility/lifterlms.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Paid Memberships Pro \u2013 Content Restriction, User Registration, \u0026 Paid Subscriptions",
"vendor": "strangerstudios",
"versions": [
{
"lessThanOrEqual": "2.12.10",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kodai Kubono"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Paid Memberships Pro \u2013 Content Restriction, User Registration, \u0026 Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T18:58:54.999Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd87d34-2e7f-4c75-8816-b39820309077?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3058329/paid-memberships-pro/tags/3.0/includes/compatibility/lifterlms.php?old=2952976\u0026old_path=paid-memberships-pro/trunk/includes/compatibility/lifterlms.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-25T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0588",
"datePublished": "2024-04-09T18:58:54.999Z",
"dateReserved": "2024-01-16T13:31:55.403Z",
"dateUpdated": "2024-08-01T18:11:35.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}