Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Strangerstudios | Paid Memberships Pro | < 1.8.4.3 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/132812/WordPress-Paid-Memberships-Pro-1.8.4 (Exploit, Third Party Advisory, VDB Entry)
- http://www.paidmembershipspro.com/2015/07/pmpro-updates-1-8-4-3-and-1-8-4-4/ (Release Notes, Third Party Advisory)
- http://www.securityfocus.com/archive/1/536057/100/0/threaded (Exploit, Third Party Advisory, VDB Entry)
- https://github.com/strangerstudios/paid-memberships-pro/commit/add03e3ed90e9163e (Patch, Third Party Advisory)
- https://wordpress.org/plugins/paid-memberships-pro/#developers (Release Notes, Third Party Advisory)
- https://wpvulndb.com/vulnerabilities/8109 (Third Party Advisory)
- https://www.htbridge.com/advisory/HTB23264 (Broken Link)
FAQ
What is CVE-2015-5532?
CVE-2015-5532 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s ...
How severe is CVE-2015-5532?
CVE-2015-5532 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-5532?
Check the references section above for vendor advisories and patch information. Affected products include: Strangerstudios Paid Memberships Pro.