Is "Paid Memberships Pro" safe?

WordPress Plugin security and safety information.

Rating: Good (current version safe) Recommendations

Paid Memberships Pro: Plugin Details

Type:	Plugin
Author:	Stranger Studios
URL:	https://wordpress.org/plugins/paid-memberships-pro/
Latest Version:	3.2.2

Paid Memberships Pro: Security Information

Insecure versions:	Up To 3.0.5
Known since:	2024-07-13 02:00:53

Insecure versions:	Up To 3.0.4
Known since:	2024-07-11 14:31:25

Insecure versions:	Up To 2.12.10
Known since:	2024-06-19 02:01:09

Insecure versions:	Up To 3.0.1
Known since:	2024-04-16 02:00:19

Insecure versions:	Up To 2.12.10
Known since:	2024-03-26 02:00:29

Insecure versions:	Up To 2.12.6
Known since:	2024-03-25 18:30:34

Insecure versions:	Up To 2.12.8
Known since:	2024-02-17 02:00:26

Insecure versions:	Up To 2.12.7
Known since:	2024-01-25 02:00:59

Insecure versions:	Up To 2.12.5
Known since:	2023-12-23 02:00:14

Insecure versions:	Up To 2.12.3
Known since:	2023-11-19 02:00:15

Insecure versions:	Up To 2.3.4
Known since:	2023-11-18 14:55:08

Insecure versions:	Up To 2.9.11
Known since:	2023-02-28 02:00:33

Insecure versions:	Up To 2.9.8
Known since:	2023-01-24 02:00:27

Insecure versions:	Up To 2.9.7
Known since:	2023-01-21 02:00:24

Insecure versions:	Up To 2.6.6
Known since:	2022-01-10 15:44:28

Insecure versions:	Up To 2.6.5
Known since:	2021-11-23 13:17:02

Insecure versions:	Up To 2.5.5
Known since:	2021-03-17 12:28:22
Description:	The Paid Membership Pro plugin versions before 2.5.7 has a vulnerability where a privileged user could performe SQL injection attacks when filtering users in the plugin dashboard.

Insecure versions:	Up To 2.5.2
Known since:	2021-02-08 13:26:42

Insecure versions:	Up To 2.5
Known since:	2020-12-07 14:31:36
Description:	Versions of this plugin before 2.5.1 are vulnerable to authenticated XSS attacks.

Insecure versions:	Up To 2.4.1
Known since:	2020-09-17 19:24:45
Description:	The plugins only check the CSRF nonce if it has been provided, making them vulnerable to CSRF attacks if the nonce is removed.

Insecure versions:	Up To 2.3.2
Known since:	2020-05-20 03:29:40
Description:	A high privileged user (administrator) could perform SQL injection attacks when adding new orders in the dashboard.

Insecure versions:	Up To 2.0.5
Known since:	2019-06-03 11:37:49

Insecure versions:	Up To 1.8.9.3
Known since:	2016-07-21 01:58:41
Description:	https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_paid_memberships_pro_wordpress_plugin.html

Insecure versions:	Up To 1.4.7
Known since:	2015-11-25 04:41:11

Insecure versions:	Up To 1.4.7
Known since:	2015-11-25 04:41:11

Paid Memberships Pro: Safety Recommendations

We have rated Paid Memberships Pro as Good (current version safe) which means that we have found vulnerabilities in older versions.

We recommend that you only use the latest version of Paid Memberships Pro.

Paid Memberships Pro: Staying Up-to-date

Make sure your installation of Paid Memberships Pro is safe with the following free Jetpack services for WordPress sites:

Updates & Management
Turn on auto-updates for Paid Memberships Pro or manage in bulk.
Prevent Infiltrations
Automatic protection against brute force attacks and secure sign on.

Choose Your Plan

Paid Memberships Pro: Keeping Safe

If you're running a business, ecommerce, news, or other critical website, Jetpack also provides additional indispensable services:

Automated Backups
Full backup of your entire site with unlimited storage space.
Restores & Migrations
Restore or migrate your site from a backup with one click.
Security Scanning
Regular, automated scans of your site for malware, threats, and hacks.
Expert Support
Fast, priority support for any WordPress security issue.

Choose Your Plan

About this information

This WordPress security information is part of our security library and is brought to you by Jetpack as part of our committment to a safer WordPress experience.

If you have any questions, please do not hesitate to contact us.