High 7.1 Closed
2026-05-05< 3.6.6
WordPress Paid Memberships Pro Plugin <= 3.6.5 is vulnerable to a medium priority Broken Access Control
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
High 7.2 Closed
2024-07-09< 3.0.6
CVE-2024-37486
Critical 9.8 Closed
2024-11-01< 3.0.5
CVE-2024-37277
N/A Closed
< 2.12.7
Paid Memberships Pro < 2.12.7 - Information Exposure in Debug Logs
Medium 5.4 Closed
2024-06-19< 3.0
CVE-2024-1407
High 8.8 Closed
2024-04-24< 3.0
CVE-2024-32793
High 8.8 Closed
2024-04-24< 3.0
CVE-2024-32794
Medium 4.3 Closed
2024-05-02< 3.0.2
CVE-2024-3215
Medium 4.3 Closed
2024-04-09< 3.0
CVE-2024-0588
Medium 4.3 Closed
2024-03-11< 2.12.9
CVE-2024-1279
N/A Closed
< 2.12.9
WordPress Paid Memberships Pro Plugin <= 2.12.8 is vulnerable to Sensitive Data Exposure
N/A Closed
2024-02-08< 2.12.9
Paid Memberships Pro <= 2.12.8 - Authenticated (Contributor+) User Meta Disclosure
Medium 5.3 Closed
2024-01-25< 2.12.8
CVE-2024-0624
N/A Closed
2024-01-15< 2.12.7
WordPress Paid Memberships Pro Plugin <= 2.12.6 is vulnerable to Sensitive Data Exposure
N/A Closed
2024-01-12< 2.12.7
Paid Memberships Pro <= 2.12.6 - Information Exposure in Debug Logs
Medium 5.3 Closed
2024-12-21< 2.12.6
WordPress Paid Memberships Pro Plugin <= 2.12.5 is vulnerable to Broken Access Control
High 8.8 Closed
2023-11-18< 2.12.4
CVE-2023-6187
N/A Closed
< 1.5
Paid Memberships Pro 1.4.7 - adminpages/memberslist-csv.php Direct Request Member Personal Information Disclosure
N/A Closed
< 2.0.6
Paid Memberships Pro <= 2.0.5 - Authenticated Open Redirect
N/A Closed
< 2.3.3
Paid Memberships Pro < 2.3.3 - Authenticated SQL Injection
N/A Closed
< 2.5.1
Paid Memberships Pro < 2.5.1 - Authenticated Cross-Site Scripting (XSS)
N/A Closed
< 2.5.3
Paid Membership Pro < 2.5.3 - Unauthorised Order Information Disclosure
N/A Closed
< 2.5.10
Paid Membership Pro < 2.5.10 - Cross-Site Scripting (XSS)
Medium 4.3 Closed
2023-10-20< 2.4.3
CVE-2020-36754
N/A Closed
2023-06-07< 2.4.3
CVE-2021-4342
High 8.8 Closed
2023-03-20< 2.9.12
CVE-2023-0631
Medium 5.4 Closed
2023-02-13< 2.9.9
CVE-2022-4830
Critical 9.8 Closed
2023-01-20< 2.9.8
CVE-2023-23488
N/A Closed
2019-06-01< 2.0.6
Paid Memberships Pro <= 2.0.5 - Open Redirect
N/A Closed
< 2.4.3
Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass
N/A Closed
2020-11-16< 2.5.1
Paid Memberships Pro <= 2.5.0 - Cross-Site Scripting
N/A Closed
2021-01-06< 2.5.3
Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.2 - IDOR to Sensitive Information Disclosure
N/A Closed
2021-06-25< 2.5.10
Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.9.1 - Cross-Site Scripting
N/A Closed
< 2.4.3
Multiple Plugins/Themes - Cross-Site Request Forgery (CSRF)
N/A Closed
2014-08-01< 1.5
WordPress Paid Memberships Pro Plugin <= 1.4.7 - Information Disclosure
N/A Closed
2019-06-11< 2.0.6
WordPress Paid Memberships Pro plugin <= 2.0.5 - Authenticated Open Redirect vulnerability
N/A Closed
2020-09-16< 2.4.3
WordPress Paid Memberships Pro plugin <= 2.4.2 - Cross-Site Request Forgery (CSRF) vulnerability
N/A Closed
2020-12-03< 2.5.1
WordPress Paid Memberships Pro plugin <= 2.5 - Authenticated Cross-Site Scripting (XSS) vulnerability
N/A Closed
2021-02-06< 2.5.3
WordPress Paid Memberships Pro plugin <= 2.5.2 - Insecure Direct Object Reference & sensitive information disclosure vulnerability
High 7.2 Closed
2020-05-20< 2.3.3
CVE-2020-5579
N/A Closed
2014-11-28< 1.7.15
CVE-2014-8801
Medium 6.1 Closed
2017-10-23< 1.8.4.3
CVE-2015-5532
High 8.8 Closed
2021-03-18< 2.5.6
CVE-2021-20678
Medium 6.1 Closed
2021-12-27< 2.6.6
CVE-2021-24979
Critical 9.8 Closed
2022-02-07< 2.6.7
CVE-2021-25114