CVE-2024-12919

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link function using the user-controlled value supplied via the 'pms_payment_id' parameter to authenticate users without any further identity validation. This makes it possible for unauthenticated attackers with knowledge of a valid payment ID to log in as any user who has made a purchase on the targeted site.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/3214706/paid-member-subscriptions	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/d3a4fa4d-a7d2-4890-b0f5-5fe69bc5e7ac?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cozmoslabs:membership_\&_content_restriction_-_paid_member_subscriptions:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2025-01-14 10:15

Updated : 2025-01-22 17:29

NVD link : CVE-2024-12919

Mitre link : CVE-2024-12919

CVE.ORG link : CVE-2024-12919

JSON object : View

Products Affected

cozmoslabs

membership_\&_content_restriction_-_paid_member_subscriptions

CWE

CWE-287

Improper Authentication

NVD-CWE-Other

{"id": "CVE-2024-12919", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-01-14T10:15:07.250", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3214706/paid-member-subscriptions", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3a4fa4d-a7d2-4890-b0f5-5fe69bc5e7ac?source=cve", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link function using the user-controlled value supplied via the 'pms_payment_id' parameter to authenticate users without any further identity validation. This makes it possible for unauthenticated attackers with knowledge of a valid payment ID to log in as any user who has made a purchase on the targeted site."}, {"lang": "es", "value": "El complemento Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n en todas las versiones hasta la 2.13.7 incluida. Esto se debe a que la funci\u00f3n pms_pb_payment_redirect_link utiliza el valor controlado por el usuario proporcionado a trav\u00e9s del par\u00e1metro 'pms_payment_id' para autenticar a los usuarios sin ninguna validaci\u00f3n de identidad adicional. Esto hace posible que los atacantes no autenticados con conocimiento de una identificaci\u00f3n de pago v\u00e1lida inicien sesi\u00f3n como cualquier usuario que haya realizado una compra en el sitio de destino."}], "lastModified": "2025-01-22T17:29:01.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cozmoslabs:membership_\\&_content_restriction_-_paid_member_subscriptions:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "DE62E63B-56E3-44E0-A4AE-C5F64D92CA1F", "versionEndExcluding": "2.13.8"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}