cleantalk
Vulnerabilities and Security Researches

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction, CVE-2024-1389

CVE, Research URL

CVE-2024-1389

Home page URL

Security reports for Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Application

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Published on
Feb 29, 2024
Research Description
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to change the Stripe payment keys.
Affected versions
Min -, max 2.11.2.
Status
vulnerable
Previous vulnerability researches
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2024-11291) , Dec 19, 2024
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2024-12919) , Jan 15, 2025
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2025-31088) , Apr 02, 2025
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2021-24728) , Jun 07, 2024
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2024-32728) , Jun 07, 2024
New vulnerability
Glossary by WPPedia – Best Glossary plugin for WordPress (CVE-2025-4803) , May 28, 2025
Import Social Events (CVE-2025-48256) , May 28, 2025
MStore API (CVE-2025-4683) , May 28, 2025
WP Statistics , May 27, 2025
Hostinger , May 27, 2025