CVE-2024-1390
published 2024-02-29

Priority P422 · medium · 4.3 · CVSS 3.1
AV:N · AC:L · PR:L · UI:N · S:U · C:N · I:L · A:N
EPSS 0.54% · 41.2th percentile
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and including, 2.11.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create pricing tables.

Affected

34 ranges · showing 25
Vendor | Product | Version range | Fixed in
cozmoslabs | membership_content_restriction_paid_member_subscriptions | < 2.11.2 | 2.11.2
fortinet | fortianalyzer
fortinet | fortianalyzercloud
fortinet | forticlientems
fortinet | fortimanager
fortinet | fortimanagercloud
fortinet | fortinet
fortinet | fortios
fortinet | fortiproxy
msrc | dynamics_365_field_service_v7_series
msrc | microsoft_dynamics_365_business_central_2023_release_wave_1
msrc | microsoft_dynamics_365_business_central_2023_release_wave_2
msrc | microsoft_dynamics_365_business_central_2024_release_wave_1
msrc | windows_10
msrc | windows_10_version_1607
msrc | windows_10_version_1809
msrc | windows_10_version_21h2
msrc | windows_10_version_22h2
msrc | windows_11_version_21h2
msrc | windows_11_version_22h2
msrc | windows_11_version_23h2
msrc | windows_11_version_24h2
msrc | windows_server_2008
msrc | windows_server_2008_for_32-bit_systems_service_pack_2
msrc | windows_server_2008_for_x64-based_systems_service_pack_2

CVSS provenance

nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
vendor_msrc | 9.0 | CRITICAL
vendor_redhat | 7.5 | HIGH