CVE-2024-12919: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.7 - Authentication Bypass via pms_payment_id

9.8 CVSS

Description

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link function using the user-controlled value supplied via the 'pms_payment_id' parameter to authenticate users without any further identity validation. This makes it possible for unauthenticated attackers with knowledge of a valid payment ID to log in as any user who has made a purchase on the targeted site.

Classification

CVE ID: CVE-2024-12919

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

Affected Products

Vendor: madalinungureanu

Product: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 40.74% (scored less or equal to compared to others)

EPSS Date: 2025-02-12 (when was this score calculated)

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/d3a4fa4d-a7d2-4890-b0f5-5fe69bc5e7ac?source=cve
https://plugins.trac.wordpress.org/changeset/3214706/paid-member-subscriptions

Timeline

2025-01-15 00:30:14 UTC
CVE

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.7 - Authentication Bypass via pms_payment_id