WordPress Plugin Vulnerabilities

Paid Memberships Pro <= 2.0.5 - Authenticated Open Redirect

Description

The Paid Memberships Pro WordPress plugin was affected by an Authenticated Open Redirect security vulnerability.

Affects Plugins

Plugin icon
paid-memberships-pro
Fixed in 2.0.6

References

URL
https://plugins.trac.wordpress.org/changeset/2098260/paid-memberships-pro

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601

Miscellaneous

Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
ab6f0e23-a55b-4f35-9b45-de2b155408fb

Timeline

Publicly Published
2019-06-01 (about 6 years ago)
Added
2019-06-01 (about 6 years ago)
Last Updated
2019-11-13 (about 6 years ago)

Other

Published
Title
Published
2023-07-18
Title
Ninja Popups <= 4.7.5 - Unauthenticated Open Redirect
Published
2024-10-21
Title
Simple Membership < 4.5.4 - Unauthenticated Open Redirect
Published
2021-01-21
Title
Digital Climate Strike WP <= 1.0.0 - Redirect to Malicious Website due to Compromised JS Asset
Published
2026-01-01
Title
User Submitted Posts < 20251210 - Unauthenticated Open Redirect
Published
2023-01-06
Title
miniOrange WordPress SAML SSO Standard < 16.0.8 - Open Redirect in SSO login