CVE-2020-36754

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-36754
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36754.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-36754
Published
2023-10-20T08:15:11Z
Modified
2024-09-03T03:30:54.000989Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpropagesave() function. This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

References

Affected packages

Git / github.com/strangerstudios/paid-memberships-pro

Affected ranges

Type
GIT
Repo
https://github.com/strangerstudios/paid-memberships-pro
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

archive/v1.*

archive/v1.9.4

relase-1.*

relase-1.8.5.2

release-1.*

release-1.7.10
release-1.7.10.1
release-1.7.10.2
release-1.7.11
release-1.7.12
release-1.7.13
release-1.7.14
release-1.7.14.1
release-1.7.15
release-1.7.15.1
release-1.7.15.2
release-1.8
release-1.8.1
release-1.8.10
release-1.8.10.1
release-1.8.10.2
release-1.8.10.3
release-1.8.10.4
release-1.8.11
release-1.8.11.1
release-1.8.11.2
release-1.8.12
release-1.8.12.1
release-1.8.13
release-1.8.13.1
release-1.8.13.2
release-1.8.13.3
release-1.8.13.4
release-1.8.13.5
release-1.8.13.6
release-1.8.2
release-1.8.2.2
release-1.8.3
release-1.8.4
release-1.8.4.2
release-1.8.4.3
release-1.8.4.4
release-1.8.4.5
release-1.8.5
release-1.8.5.1
release-1.8.5.3
release-1.8.5.4
release-1.8.5.5
release-1.8.5.6
release-1.8.6
release-1.8.6.3
release-1.8.6.4
release-1.8.6.5
release-1.8.6.6
release-1.8.6.7
release-1.8.6.8
release-1.8.7
release-1.8.7.3
release-1.8.8
release-1.8.8.1
release-1.8.8.3
release-1.8.9
release-1.8.9.1
release-1.8.9.2
release-1.9
release-1.9.1
release-1.9.2
release-1.9.2.1
release-1.9.3
release-1.9.4
release-1.9.4.1
release-1.9.4.2
release-1.9.4.3
release-1.9.4.4
release-1.9.5
release-1.9.5.1
release-1.9.5.4

release-v1.*

release-v1.7.9
release-v1.7.9.1
release-v1.8.2.1

v1.*

v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.8.1
v1.7.8.2
v1.9.5.2
v1.9.5.3
v1.9.5.5

v2.*

v2.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.1
v2.1-Beta1
v2.1-Beta2
v2.1-RC1
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.2
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.3-RC1
v2.3-RC2
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4
v2.4.1
v2.4.2