Medium severity 5.3 · NVD Advisory · Published Jan 11, 2024 · Updated Apr 8, 2026
CVE-2023-6855
Description
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_get_permissions_check function in all versions up to 2.12.5 (inclusive). This makes it possible for unauthenticated attackers to change membership levels including prices.
Affected products
- cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:wordpress:*:* (Range: <=2.12.5)
Patches
No patches discovered yet.
References
- www.wordfence.com/threat-intel/vulnerabilities/id/383c7837-e7b7-4608-9cdc-91b7dbc7f4e2 (nvd, Third Party Advisory)
- plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/rest-api.php (nvd, Issue Tracking)
- plugins.trac.wordpress.org/changeset/3011575/paid-memberships-pro/trunk/includes/rest-api.php (nvd, Issue Tracking)