Paid Memberships Pro CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-1286	2 Paidmembershipspro, Strangerstudios	2 Maps, Paid Memberships Pro	2025-08-29	4.9 Medium
The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site.
CVE-2024-1287	2 Paidmembershipspro, Strangerstudios	2 Paid Memberships Pro, Paid Memberships Pro	2025-08-27	6.5 Medium
The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes via an SQLi vector.
CVE-2024-37277	2 Paidmembershipspro, Strangerstudios	2 Paid Memberships Pro, Paid Memberships Pro	2025-01-22	7.5 High
Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Paid Memberships Pro: from n/a through 3.0.4.
CVE-2024-30514	1 Paidmembershipspro	1 Paid Memberships Pro	2024-11-21	5.3 Medium
Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Payfast Gateway Add On.This issue affects Paid Memberships Pro – Payfast Gateway Add On: from n/a through 1.4.1.

Page 1 of 1.