CVE-2024-51815: WordPress s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin <= 241114 - R...

9.0 CVSS

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro allows Code Injection.This issue affects s2Member Pro: from n/a through 241114.

Classification

CVE ID: CVE-2024-51815

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.0

Affected Products

Vendor: WP Sharks

Product: s2Member Pro

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://patchstack.com/database/wordpress/plugin/s2member/vulnerability/wordpress-s2member-excellent-for-all-kinds-of-memberships-content-restriction-paywalls-member-access-subscriptions-plugin-241114-remote-code-execution-rce-vulnerability?_s_id=cve

Timeline

2024-12-07 00:31:25 UTC
CVE

WordPress s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin <= 241114 - R...