cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forpaid-member-subscriptions paid-member-subscriptions

Direction: descending
Apr 02, 2025

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction # CVE-2025-31088

CVE, Research URL

CVE-2025-31088

Home page URL

Security reports for Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Application

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Date
Mar 28, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions allows Stored XSS. This issue affects Paid Member Subscriptions: from n/a through 2.14.3.
Affected versions
Min -, max -.
Status
vulnerable
Jan 15, 2025

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction # CVE-2024-12919

CVE, Research URL

CVE-2024-12919

Home page URL

Security reports for Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Application

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Date
Jan 14, 2025
Research Description
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link function using the user-controlled value supplied via the 'pms_payment_id' parameter to authenticate users without any further identity validation. This makes it possible for unauthenticated attackers with knowledge of a valid payment ID to log in as any user who has made a purchase on the targeted site.
Affected versions
Min -, max -.
Status
vulnerable
Dec 19, 2024

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction # CVE-2024-11291

CVE, Research URL

CVE-2024-11291

Home page URL

Security reports for Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Application

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Date
Dec 18, 2024
Research Description
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.
Affected versions
Min -, max -.
Status
vulnerable
Nov 09, 2024

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction # CVE-2024-10261

CVE, Research URL

CVE-2024-10261

Home page URL

Security reports for Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Application

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Date
Nov 09, 2024
Research Description
The The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions
Min -, max -.
Status
vulnerable
Oct 03, 2024

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction # CVE-2024-9222

CVE, Research URL

CVE-2024-9222

Home page URL

Security reports for Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Application

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Date
Oct 02, 2024
Research Description
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable
Jun 07, 2024

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction # CVE-2021-24728

CVE, Research URL

CVE-2021-24728

Home page URL

Security reports for Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Application

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Date
Sep 13, 2021
Research Description
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.
Affected versions
Min -, max -.
Status
vulnerable

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction # CVE-2024-32728

CVE, Research URL

CVE-2024-32728

Home page URL

Security reports for Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Application

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Date
Apr 24, 2024
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.11.0.
Affected versions
Min -, max -.
Status
vulnerable

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction # CVE-2023-51522

CVE, Research URL

CVE-2023-51522

Home page URL

Security reports for Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Application

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Date
Mar 15, 2024
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.10.4.
Affected versions
Min -, max -.
Status
vulnerable

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction # CVE-2024-1390

CVE, Research URL

CVE-2024-1390

Home page URL

Security reports for Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Application

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Date
Feb 29, 2024
Research Description
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and including, 2.11.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create pricing tables.
Affected versions
Min -, max -.
Status
vulnerable

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction # CVE-2024-1389

CVE, Research URL

CVE-2024-1389

Home page URL

Security reports for Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Application

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Date
Feb 29, 2024
Research Description
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to change the Stripe payment keys.
Affected versions
Min -, max -.
Status
vulnerable