Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction, CVE-2024-1390

CVE, Research URL: CVE-2024-1390
Home page URL: Security reports for Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Application: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Published on: Feb 29, 2024
Research Description: The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and including, 2.11.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create pricing tables.
Affected versions: max 2.11.2.
Status: vulnerable

Paid Membership Subscriptions &#8211; Effortless Memberships, Recurring Payments &amp; Content Restriction, CVE-2024-1390