Vulnerability Details CVE-2015-5532
Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/132812/WordPress-Paid-Memberships-Pro-1.8.4.2-Cross-Site-Scripting.html
- http://www.paidmembershipspro.com/2015/07/pmpro-updates-1-8-4-3-and-1-8-4-4/
- http://www.securityfocus.com/archive/1/536057/100/0/threaded
- https://github.com/strangerstudios/paid-memberships-pro/commit/add03e3ed90e9163e5a46e20e6c371a87ff5a677
- https://wordpress.org/plugins/paid-memberships-pro/#developers
- https://wpvulndb.com/vulnerabilities/8109
- https://www.htbridge.com/advisory/HTB23264
- http://packetstormsecurity.com/files/132812/WordPress-Paid-Memberships-Pro-1.8.4.2-Cross-Site-Scripting.html
- http://www.paidmembershipspro.com/2015/07/pmpro-updates-1-8-4-3-and-1-8-4-4/
- http://www.securityfocus.com/archive/1/536057/100/0/threaded
- https://github.com/strangerstudios/paid-memberships-pro/commit/add03e3ed90e9163e5a46e20e6c371a87ff5a677
- https://wordpress.org/plugins/paid-memberships-pro/#developers
- https://wpvulndb.com/vulnerabilities/8109
- https://www.htbridge.com/advisory/HTB23264
Products affected by CVE-2015-5532
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:-
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.10
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.11
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.12
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.13
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.15
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.4
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.5
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.6
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.7
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.8
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.1.9
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.10
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.3
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.4
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.5
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.6
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.7
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.8
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.2.9
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.10
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.11
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.12
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.13
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.14
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.15
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.16
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.17
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.17.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.18
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.18.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.19
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.3
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.4
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.5
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.6
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.7
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.8
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.3.9
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.3
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.4
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.5
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.5.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.6
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.7
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.8
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.4.9
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.2.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.3
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.4
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.5
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.6
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.6.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.7
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.8
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.9
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.9.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.5.9.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.6
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.6.0.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.6.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.0.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.0.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.0.3
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.0.4
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.10
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.10.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.10.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.11
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.12
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.13
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.13.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.14
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.14.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.14.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.15
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.15.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.15.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.2.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.3
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.3.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.4
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.5
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.7
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.8
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.8.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.8.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.9
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.7.9.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.8
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.8.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.8.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.8.2.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.8.2.2
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.8.3
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.8.3.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.8.4
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.8.4.1
-
cpe:2.3:a:strangerstudios:paid_memberships_pro:1.8.4.2