cbcvebase.

Cozmoslabs Membership Content Restriction Paid Member Subscriptions vulnerabilities

7 known vulnerabilities affecting cozmoslabs/membership_content_restriction_paid_member_subscriptions.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2024-12919P2CRITICALCVSS 9.8fixed in 2.13.82025-01-14
CVE-2024-12919 [CRITICAL] CWE-287 CVE-2024-12919: The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link function using the user-controlled value supplied via the 'pms_payment_id' parameter to authen
nvd
CVE-2021-24728P3HIGHCVSS 8.8fixed in 2.4.22021-09-13
CVE-2021-24728 [HIGH] CWE-89 CVE-2021-24728: The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did n The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.
nvd
CVE-2024-10261P3HIGHCVSS 7.3fixed in 2.13.12024-11-09
CVE-2024-10261 [HIGH] CWE-94 CVE-2024-10261: The The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restric The The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. Th
nvd
CVE-2024-1389P4MEDIUMCVSS 5.3fixed in 2.11.22024-02-29
CVE-2024-1389 [MEDIUM] CWE-862 CVE-2024-1389: The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and including, 2.11.1. This makes it possible for unauthenti
nvd
CVE-2024-11291P4MEDIUMCVSS 5.3fixed in 2.13.52024-12-18
CVE-2024-11291 [MEDIUM] CWE-200 CVE-2024-11291: The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that ha
nvd
CVE-2024-9222P4MEDIUMCVSS 6.1fixed in 2.12.92024-10-02
CVE-2024-9222 [MEDIUM] CWE-79 CVE-2024-9222: The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8. This makes it possible for unauthenticated attackers to inject arb
nvd
CVE-2024-1390P4MEDIUMCVSS 4.3fixed in 2.11.22024-02-29
CVE-2024-1390 [MEDIUM] CWE-862 CVE-2024-1390: The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and including, 2.11.1. This makes it possible for authenticated attackers, with
nvd
Cozmoslabs Membership Content Restriction Paid Member Subscriptions vulnerabilities | cvebase