CVE-2023-6187

Name of the Vulnerable Software and Affected Versions Paid Memberships Pro plugin for WordPress versions up to, and including, 2.12.3

Description The issue arises from insufficient file type validation in the pmpro paypalexpress session vars for user fields function. This allows authenticated attackers with subscriber privileges or above to upload arbitrary files to the affected site's server, potentially enabling remote code execution. The vulnerability can be exploited when 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method, and a custom user field is added that is only visible at profile, not at checkout.

Recommendations For versions up to, and including, 2.12.3, update to a version that includes the fix for the insufficient file type validation in the pmpro paypalexpress session vars for user fields function. As a temporary workaround, consider disabling the pmpro paypalexpress session vars for user fields function until a patch is available. Restrict access to custom user fields that are only visible at profile to minimize the risk of exploitation. Avoid using the PayPal Express or 2Checkout payment methods until the issue is resolved.