Description
WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions is prone to an insecure direct object reference (IDOR) vulnerability. Exploiting this issue may allow an attacker to update an order status to paid. WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions version 3.0.4 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 3.0.5 or the latest version.