WordPress Plugin Vulnerabilities

Paid Memberships Pro < 2.5.1 - Authenticated Cross-Site Scripting (XSS)

Description

The Paid Memberships Pro WordPress plugin, versions less than 2.5.1, were affected by an Authenticated Cross-Site Scripting (XSS) vulnerability in the 'page ' paramater of the Members List page of the dashboard.

Affects Plugins

Plugin icon
paid-memberships-pro
Fixed in 2.5.1

References

URL
https://plugins.trac.wordpress.org/changeset/2419637

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
Ron Masas from Checkmarx.com
Verified
No
WPVDB ID
e13dff6e-bd06-4773-8e49-36f71ae14876

Timeline

Publicly Published
2020-11-16 (about 5 years ago)
Added
2020-12-03 (about 5 years ago)
Last Updated
2020-12-03 (about 5 years ago)

Other

Published
Title
Published
2025-09-22
Title
The Plus Addons for Elementor < 6.3.16 - Author+ Stored XSS
Published
2025-02-17
Title
Simplebooklet PDF Viewer and Embedder < 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-05-30
Title
Safety Exit < 1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Published
2025-08-01
Title
Ocean Social Sharing < 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-02-13
Title
Beautiful Cookie Consent Banner < 2.10.2 - Unauthenticated Stored XSS