cleantalk
Vulnerabilities and Security Researches

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction, CVE-2025-11835

CVE, Research URL

CVE-2025-11835

Home page URL

Security reports for Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Application

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Published on
Nov 05, 2025
Research Description
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and validation check on the PMS_AJAX_Checkout_Handler::process_payment() function in all versions up to, and including, 2.16.4. This makes it possible for unauthenticated attackers to trigger stored auto-renew charges for arbitrary members.
Affected versions
max 2.16.5.
Status
vulnerable
Previous vulnerability researches
Post List Featured Image (CVE-2025-62937) , Nov 11, 2025
New vulnerability
Master Blocks – Ultimate Gutenberg Blocks for Marketers (CVE-2025-10896) , Nov 11, 2025
Reuse Builder (CVE-2025-11812) , Nov 11, 2025
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2025-11823) , Nov 11, 2025
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2025-12493) , Nov 11, 2025
Gravity Forms Google Sheet Connector (CVE-2025-8606) , Nov 11, 2025