
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 5
Critical: 0
High: 0
Medium: 5

Showing 1-5 of 5 records

Threat Entry Updated 2025-01-17

CVE-2024-1407 - Paid Subscriptions Plugin

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to subscribe to, modify, or cancel membership for a user via a forged request granted they can trick a user into performing an action such as clicking on a link.

PLUGIN Paid Subscriptions

CVE-2024-1407

MEDIUM CVSS 5.4 2024-06-19

Threat Entry Updated 2025-01-17

CVE-2024-3215 - Paid Subscriptions Plugin

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the pmpro_update_level_group_order() function. This makes it possible for unauthenticated attackers to update order levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Paid Subscriptions

CVE-2024-3215

MEDIUM CVSS 5.3 2024-05-02

Threat Entry Updated 2025-01-17

CVE-2024-0588 - Paid Subscriptions Plugin

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Paid Subscriptions

CVE-2024-0588

MEDIUM CVSS 4.3 2024-04-09

Threat Entry Updated 2024-11-21

CVE-2024-0624 - Paid Subscriptions Plugin

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_update_level_order() function. This makes it possible for unauthenticated attackers to update the order of levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Paid Subscriptions

CVE-2024-0624

MEDIUM CVSS 5.3 2024-01-25

Threat Entry Updated 2025-06-03

CVE-2023-6855 - Paid Subscriptions Plugin

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_get_permissions_check function in all versions up to 2.12.5 (inclusive). This makes it possible for unauthenticated attackers to change membership levels including prices.

PLUGIN Paid Subscriptions

CVE-2023-6855

MEDIUM CVSS 5.3 2024-01-11