Arbitrary File Upload Vulnerability in Paid Memberships Pro Plugin for WordPress
CVE-2023-6187

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Vendor: CVE Published:; 18 November 2023

Summary

The Paid Memberships Pro plugin for WordPress is affected by a vulnerability allowing authenticated users with subscriber privileges or higher to upload arbitrary files. This occurs due to inadequate file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function. If the payment method is set to PayPal Express or the deprecated 2Checkout and a custom user field is configured to be visible in the profile, attackers can exploit this vulnerability to potentially execute remote code on the affected site's server.

Affected Version(s)

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions * <= 2.12.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/paid-membershi...

https://www.paidmembershipspro.com/pmpro-update-2-12-4/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 18, 2023
Vulnerability Reserved
Nov 17, 2023

Credit

István Márton