WordPress Paid Memberships Pro Plugin 'memberslist-csv.php' Information Disclosure Vulnerability Network Vulnerability

Summary

The Paid Memberships Pro plugin for WordPress is prone to an information- disclosure vulnerability because it fails to sufficiently validate user- supplied data. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Paid Memberships Pro 1.4.7 is vulnerable other versions may also be affected.

Solution

Vendor updates are available. Please see the references for more information.

References

http://www.paidmembershipspro.com/2012/07/important-security-update-1-5/
http://www.securityfocus.com/bid/54443

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

7Media Web Solutions EduTrac Directory Traversal Vulnerability
2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
Advanced Image Hosting Cross Site Scripting Vulnerability
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities