Vulnerabilities > Strangerstudios > Paid Memberships PRO > 2.12.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-25 | CVE-2024-0624 | Cross-Site Request Forgery (CSRF) vulnerability in Strangerstudios Paid Memberships PRO The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. | 5.3 |
2024-01-11 | CVE-2023-6855 | Missing Authorization vulnerability in Strangerstudios Paid Memberships PRO The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_get_permissions_check function in all versions up to 2.12.5 (inclusive). | 5.3 |