WordPress Plugin Vulnerabilities

Paid Membership Pro < 2.5.10 - Cross-Site Scripting (XSS)

Description

The plugin was affected by a. Cross-Site Scripting issue in the edit order page or the admin dashboard

Affects Plugins

Plugin icon
paid-memberships-pro
Fixed in 2.5.10

References

URL
https://plugins.trac.wordpress.org/changeset/2554113

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
Scott Kingsley Clark
Verified
No
WPVDB ID
94ed6938-ff87-4619-be3a-582b6145d53b

Timeline

Publicly Published
2021-06-25 (about 2 years ago)
Added
2021-06-28 (about 2 years ago)
Last Updated
2021-06-28 (about 2 years ago)

Other

Published
Title
Published
2014-08-01
Title
Page Layout Builder 1.3.4 - includes/layout-settings.php layout_settings_id Parameter Reflected XSS
Published
2022-01-24
Title
Advanced Database Cleaner < 3.0.4 - Reflected Cross-Site Scripting
Published
2024-03-29
Title
Prenotazioni <= 1.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2021-09-21
Title
St Daily Tip <= 4.7 - CSRF to Stored Cross-Site Scripting
Published
2024-03-04
Title
Easy!Appointments < 1.3.2 - Contributor+ Stored Cross-Site Scripting