A plugin called Paid Memberships Pro, which is used for restricting content, registering users, and managing paid subscriptions on WordPress websites, has a security vulnerability. This means that in all versions up to version 3.0.1, there is a risk of Cross-Site Request Forgery. This is because the plugin does not properly check for a security code called a “nonce” when using the function pmpro_update_level_group_order(). This allows hackers without proper authentication to change the order of subscription levels by tricking a site administrator into clicking a link.