Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Paid Memberships Pro — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting Paid Memberships Pro. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Paid Memberships Pro is a WordPress plugin for managing subscription-based membership sites with tiered access controls. Historically, it has been susceptible to multiple remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls. The plugin has accumulated eight CVEs, including critical flaws allowing unauthenticated attackers to execute arbitrary code or bypass security restrictions. While no major public incidents have been widely documented, the consistent discovery of severe vulnerabilities in its codebase highlights the importance of regular updates and security hardening for sites utilizing this membership management solution.

Top products by Paid Memberships Pro: Paid Memberships Pro Paid Memberships Pro – Payfast Gateway Add On Paid Memberships Pro – Mailchimp Add On Paid Memberships Pro CCBill Gateway
CVE IDTitleCVSSSeverityPublished
CVE-2024-37277 WordPress Paid Memberships Pro plugin <= 3.0.4 - Insecure Direct Object References (IDOR) vulnerability — Paid Memberships ProCWE-639 7.5 High2024-11-01
CVE-2024-37486 WordPress Paid Memberships Pro plugin <= 3.0.5 - Authenticated SQL Injection vulnerability — Paid Memberships ProCWE-89 7.6 High2024-07-09
CVE-2023-39990 WordPress Paid Memberships Pro plugin <= 1.2.3 - Broken Access Control vulnerability — Paid Memberships ProCWE-862 5.4 Medium2024-06-19
CVE-2023-40608 WordPress Paid Memberships Pro CCBill Gateway plugin <= 0.3 - Unauthenticated Broken Access Control vulnerability — Paid Memberships Pro CCBill GatewayCWE-862 8.2 High2024-06-19
CVE-2024-32793 WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability — Paid Memberships ProCWE-352 5.4 Medium2024-04-24
CVE-2024-32794 WordPress Paid Memberships Pro plugin <= 2.12.10 - Cross Site Request Forgery (CSRF) vulnerability — Paid Memberships ProCWE-352 4.3 Medium2024-04-24
CVE-2024-30523 WordPress Paid Memberships Pro – Mailchimp Add On plugin <= 2.3.4 - Sensitive Data Exposure vulnerability — Paid Memberships Pro – Mailchimp Add OnCWE-532 5.3 Medium2024-03-31
CVE-2024-30514 WordPress Paid Memberships Pro – Payfast Gateway Add On plugin <= 1.4.1 - Sensitive Data Exposure via Log File vulnerability — Paid Memberships Pro – Payfast Gateway Add OnCWE-532 5.3 Medium2024-03-29

This page lists every published CVE security advisory associated with Paid Memberships Pro. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.