CVE-2023-6855
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-6855
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6855.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-6855
- Published
- 2024-01-11T09:15:52Z
- Modified
- 2025-06-03T15:50:24.547635Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmprorestapigetpermissions_check function in all versions up to 2.12.5 (inclusive). This makes it possible for unauthenticated attackers to change membership levels including prices.
- References
-
- https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/rest-api.php#L528
- https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/rest-api.php#L997
- https://plugins.trac.wordpress.org/changeset/3011575/paid-memberships-pro/trunk/includes/rest-api.php?contextall=1&old=2947813&old_path=%2Fpaid-memberships-pro%2Ftrunk%2Fincludes%2Frest-api.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/383c7837-e7b7-4608-9cdc-91b7dbc7f4e2?source=cve
Affected packages
Git / github.com/strangerstudios/paid-memberships-pro
Affected ranges
- Type
- GIT
- Repo
- https://github.com/strangerstudios/paid-memberships-pro
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
2.*
2.10
2.10-RC1
2.10-RC2
2.10.1
2.10.2
2.10.3
2.10.4
2.10.5
2.10.6
2.10.7
2.11
2.11.1
2.11.2
2.12
2.12.1
2.12.2
2.12.3
2.12.4
2.12.5
2.5.10
2.5.10.1
2.5.10.2
2.6
2.6.1
2.6.1.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.7
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.8
2.8.1
2.8.2
2.8.3
2.9
2.9.1
2.9.10
2.9.11
2.9.12
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.9.9
archive/v1.*
archive/v1.9.4
relase-1.*
relase-1.8.5.2
release-1.*
release-1.7.10
release-1.7.10.1
release-1.7.10.2
release-1.7.11
release-1.7.12
release-1.7.13
release-1.7.14
release-1.7.14.1
release-1.7.15
release-1.7.15.1
release-1.7.15.2
release-1.8
release-1.8.1
release-1.8.10
release-1.8.10.1
release-1.8.10.2
release-1.8.10.3
release-1.8.10.4
release-1.8.11
release-1.8.11.1
release-1.8.11.2
release-1.8.12
release-1.8.12.1
release-1.8.13
release-1.8.13.1
release-1.8.13.2
release-1.8.13.3
release-1.8.13.4
release-1.8.13.5
release-1.8.13.6
release-1.8.2
release-1.8.2.2
release-1.8.3
release-1.8.4
release-1.8.4.2
release-1.8.4.3
release-1.8.4.4
release-1.8.4.5
release-1.8.5
release-1.8.5.1
release-1.8.5.3
release-1.8.5.4
release-1.8.5.5
release-1.8.5.6
release-1.8.6
release-1.8.6.3
release-1.8.6.4
release-1.8.6.5
release-1.8.6.6
release-1.8.6.7
release-1.8.6.8
release-1.8.7
release-1.8.7.3
release-1.8.8
release-1.8.8.1
release-1.8.8.3
release-1.8.9
release-1.8.9.1
release-1.8.9.2
release-1.9
release-1.9.1
release-1.9.2
release-1.9.2.1
release-1.9.3
release-1.9.4
release-1.9.4.1
release-1.9.4.2
release-1.9.4.3
release-1.9.4.4
release-1.9.5
release-1.9.5.1
release-1.9.5.4
release-v1.*
release-v1.7.9
release-v1.7.9.1
release-v1.8.2.1
v1.*
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.8.1
v1.7.8.2
v1.9.5.2
v1.9.5.3
v1.9.5.5
v2.*
v2.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.1
v2.1-Beta1
v2.1-Beta2
v2.1-RC1
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.2
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.3-RC1
v2.3-RC2
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.5
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.5.9
v2.5.9.1