Summary
The Paid Memberships Pro plugin for WordPress is prone to an information- disclosure vulnerability because it fails to sufficiently validate user- supplied data.
An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.
Paid Memberships Pro 1.4.7 is vulnerable
other versions may also
be affected.
Solution
Vendor updates are available. Please see the references for more information.
References
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- 7Media Web Solutions EduTrac Directory Traversal Vulnerability
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- Advanced Image Hosting Cross Site Scripting Vulnerability
- Apache Roller 'q' Parameter Cross Site Scripting Vulnerability