Authentication Bypass in Paid Membership Subscriptions Plugin for WordPress
CVE-2024-12919

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Vendor: CVE Published:; 14 January 2025

Summary

The Paid Membership Subscriptions plugin for WordPress is susceptible to an Authentication Bypass vulnerability across all versions prior to 2.13.7. The issue arises from the pms_pb_payment_redirect_link function, which inadequately uses the user-controlled 'pms_payment_id' parameter for user authentication, lacking sufficient identity validation. This flaw enables attackers to exploit knowledge of a valid payment ID to impersonate any user who has made a purchase on the compromised website, thereby gaining unauthorized access to their accounts.

Affected Version(s)

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction * <= 2.13.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3214706/paid...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 14, 2025
Vulnerability Reserved
Dec 24, 2024

Credit

wesley