Last Modified: Nov. 24, 2023
The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber privileges or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout according to its settings.
Tweets last week: 0
Remaining steady
Yahoo results: 0
Remaining steady
Current EPSS Score: 0.00246
Remaining steady
Reddit Posts: 0
Remaining steady
Github Repos: 0
Remaining steady
Found exploits:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Base Score: 8.8
Exploitability Score:
2.8
Impact Score: 5.9
CVSS V3: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-434
| Condition | Configuration | |
|---|---|---|
| OR | ||
| OR | ||
| cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:wordpress:*:* Part: a Vendor: strangerstudios | Alle Schwachstellen für strangerstudios | |
CWE-ID:
Not defined
Base Score V3:
Not defined
Exploitability Score V3:
Not defined
Impact Score V3:
Not defined
Cvss Vector V3:
Not defined
Configuration:
added:
cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:wordpress:*:*
<?xml version="1.0" ?>
<set operator="and">
<set operator="or">
<prop key="application" value="cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:wordpress:*:*"/>
</set>
</set>
<?xml version="1.0" ?>
<set operator="and">
<set operator="or">
<prop key="application" value="cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:wordpress:*:*"/>
</set>
<prop key="program_influence" value="input"/>
</set>