Summary
The Paid Memberships Pro plugin for WordPress is prone to an information- disclosure vulnerability because it fails to sufficiently validate user- supplied data.
An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.
Paid Memberships Pro 1.4.7 is vulnerable
other versions may also
be affected.
Solution
Vendor updates are available. Please see the references for more information.
References
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
- @Mail 'admin.php' Cross-Site Scripting Vulnerabilities
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
- Apache Tomcat RemoteFilterValve Security Bypass Vulnerability