Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 4 | Critical: 0 | High: 1 | Medium: 3
Showing 1-4 of 4 records
Threat Entry Updated 2024-10-08

CVE-2024-9222 - Paid Member Subscriptions Plugin

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Paid Member Subscriptions

CVE-2024-9222

MEDIUM CVSS 6.1 2024-10-02

Threat Entry Updated 2025-01-27

CVE-2024-1389 - Paid Member Subscriptions Plugin

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to change the Stripe payment keys.

PLUGIN Paid Member Subscriptions

CVE-2024-1389

MEDIUM CVSS 5.3 2024-02-29

Threat Entry Updated 2025-01-22

CVE-2024-1390 - Paid Member Subscriptions Plugin

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and including, 2.11.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create pricing tables.

PLUGIN Paid Member Subscriptions

CVE-2024-1390

MEDIUM CVSS 4.3 2024-02-29

Threat Entry Updated 2024-11-21

CVE-2021-24728 - Paid Member Subscriptions Plugin

The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in a SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.

PLUGIN Paid Member Subscriptions

CVE-2021-24728

HIGH CVSS 8.8 2021-09-13