CRITICAL · CVE-2024-12919 · CVSS 9.8

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.7 - Authentication Bypass via pms_payment_id

Platform

wordpress

Component

paid-member-subscriptions

Fixed in

2.13.8

AI Confidence: high · NVD · EPSS 0.1% · Reviewed: May 2026

CVE-2024-12919 is a critical authentication bypass in the Paid Membership Subscriptions plugin for WordPress. An unauthenticated attacker who holds a valid payment ID can use it to obtain a logged-in session as the user that payment belongs to, including an administrator if one has made a purchase. Versions up to and including 2.13.7 are affected; the vendor fixed the issue in 2.13.8.


Impact and Attack Scenarios

This vulnerability lets unauthenticated attackers bypass authentication entirely. The pms_pb_payment_redirect_link function accepts a payment ID and establishes a session for the user that payment belongs to, without confirming that the requester is that user. An attacker who knows a valid payment ID (or can guess one, which is cheap if IDs are sequential) therefore logs in as any user who has previously made a purchase on the site. That grants full access to the impersonated account: its data, any administrative privileges it holds, and the ability to act on its behalf. The potential impact includes data breaches, unauthorized changes to content, and complete compromise of the site's user accounts.

Exploitation Context

This vulnerability has been publicly disclosed and carries a CVSS score of 9.8 (CRITICAL). No active exploitation campaigns have been publicly confirmed (not in CISA KEV; EPSS 0.11%), but because exploitation needs no credentials and no user interaction and yields account takeover, it is a high-priority fix and a likely target. The CVE was published on 2025-01-14.

Who Is at Risk

Any WordPress site running the Paid Membership Subscriptions plugin at version 2.13.7 or below is exposed, and every account that has made a payment through the plugin, including any administrator who has done so, is a potential target. Shared hosting environments where plugin updates are managed by the hosting provider are at increased risk because patching may be delayed.

Detection Steps

• wordpress (wp-cli): confirm the plugin is active and read its version. The plugin slug is paid-member-subscriptions; any version up to and including 2.13.7 is affected.

wp plugin list --status=active | grep paid-member-subscriptions
wp plugin get paid-member-subscriptions --field=version

• wordpress (filesystem): without wp-cli, read the Version header of the plugin's main file under the WordPress root.

grep 'Version:' /var/www/html/wp-content/plugins/paid-member-subscriptions/*.php

• generic web: the presence of the /wp-content/plugins/paid-member-subscriptions/ directory (for example, a readme.txt served from it) shows the plugin is installed but not which version; treat anything below 2.13.8 as vulnerable until proven otherwise.

Note that grepping the plugin source for pms_pb_payment_redirect_link only proves the function exists; it says nothing about whether its authorization check has been patched, so decide by version number. Running wp plugin update --all is the remediation step, not a detection step.
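The following POSIX shell script is an added example, not the advisory's or the plugin's own code: it performs the version check described above against a WordPress install on disk. It assumes the plugin directory name from the Component field (paid-member-subscriptions) and the standard WordPress plugin header comment (a "Plugin Name:" line and a "Version:" line in the main .php file); the demo at the end runs it against a constructed header in a temporary directory, not a real install.

```shell
#!/bin/sh
# Added example (not from the advisory or the plugin): report whether an
# installed Paid Member Subscriptions plugin is in the affected range
# (<= 2.13.7, fixed in 2.13.8) by reading its Version: header.
# Assumptions not stated on the page: the plugin lives under
# wp-content/plugins/paid-member-subscriptions/ and its main file carries the
# standard WordPress "Plugin Name:" / "Version:" header comment.

FIXED_VERSION="2.13.8"

# version_lt A B: exit 0 if dotted version A is strictly lower than B.
# Missing components count as 0, so 2.13 equals 2.13.0 and 2.9 < 2.13.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, pa, "."); nb = split(b, pb, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      x = (i <= na) ? pa[i] + 0 : 0
      y = (i <= nb) ? pb[i] + 0 : 0
      if (x < y) exit 0
      if (x > y) exit 1
    }
    exit 1
  }'
}

# pms_status VERSION: prints "vulnerable" for <= 2.13.7, "patched" otherwise.
pms_status() {
  if version_lt "$1" "$FIXED_VERSION"; then
    echo vulnerable
  else
    echo patched
  fi
}

# plugin_version FILE: prints the value of the "Version:" line of a WordPress
# plugin header comment (e.g. " * Version: 2.13.7"), or nothing if absent.
plugin_version() {
  sed -n 's/^[[:space:]]*\*\{0,1\}[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# check_site WP_ROOT: find the plugin's main file (the top-level .php file
# with a "Plugin Name:" header) and print one of:
#   not-installed | unknown-version | vulnerable (X.Y.Z) | patched (X.Y.Z)
check_site() {
  dir="$1/wp-content/plugins/paid-member-subscriptions"
  [ -d "$dir" ] || { echo "not-installed"; return 0; }
  main=""
  for f in "$dir"/*.php; do
    [ -f "$f" ] || continue
    if grep -q 'Plugin Name:' "$f"; then main="$f"; break; fi
  done
  v=""
  if [ -n "$main" ]; then v=$(plugin_version "$main"); fi
  [ -n "$v" ] || { echo "unknown-version"; return 0; }
  echo "$(pms_status "$v") ($v)"
}

# demo_constructed: writes a constructed (not real) plugin header into a temp
# directory, runs the check against it, prints the verdict and cleans up.
demo_constructed() {
  root=$(mktemp -d)
  mkdir -p "$root/wp-content/plugins/paid-member-subscriptions"
  cat > "$root/wp-content/plugins/paid-member-subscriptions/index.php" <<'EOF'
<?php
/**
 * Plugin Name: Paid Member Subscriptions
 * Version: 2.13.7
 */
EOF
  check_site "$root"
  rm -rf "$root"
}

demo_constructed   # prints: vulnerable (2.13.7)
```

On a host with wp-cli, `wp plugin get paid-member-subscriptions --field=version` supplies the version string that pms_status expects, so the filesystem scan is only needed where wp-cli is unavailable. A site reported as vulnerable needs the 2.13.8 update; grepping for the function name would not have distinguished it from a patched install.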

Attack Timeline

  1. Disclosure

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

0.11% (30th percentile)

CISA SSVC

Exploitation: none
Automatable: yes
Technical Impact: total

CVSS Vector

THREAT INTELLIGENCE · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H · 9.8 CRITICAL

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: None (level of authentication required)
User Interaction: None (whether the victim must act)
Scope: Unchanged (impact beyond the affected component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service interruption)
nextguardhq.com · CVSS v3.1 base score

What do these metrics mean?
Attack Vector
Network: exploitable remotely over the internet. No physical or local access required.
Attack Complexity
Low: no special conditions required. Reliably exploitable.
Privileges Required
None: unauthenticated. No credentials needed to exploit.
User Interaction
None: automatic, silent attack. The victim does nothing.
Scope
Unchanged: impact limited to the vulnerable component.
Confidentiality
High: total loss of confidentiality. The attacker can read all data.
Integrity
High: the attacker can write, modify or delete all data.
Availability
High: complete outage or resource exhaustion. Total denial of service.

Affected Software

Component: paid-member-subscriptions
Vendor: madalinungureanu
Affected range: * – 2.13.7
Fixed in: 2.13.8

Package Information

Active installations: 10K (Popular)
Plugin rating: 4.7
Requires WordPress: 3.1+
Tested up to: 7.0
Requires PHP: 7.4+

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. EPSS updated
Fixed in 2.13.8; 495 days since disclosure

Mitigation and Workarounds

The primary mitigation is to upgrade the Paid Membership Subscriptions plugin immediately to 2.13.8 or later, where the vendor has patched the flaw. If upgrading is not immediately feasible because of compatibility concerns, reduce exposure in the meantime: deactivate the plugin if the site can tolerate it, or, as a stopgap, have the web server or WAF reject requests from unauthenticated clients that carry a pms_payment_id parameter. That rule is a temporary measure and may also interrupt the plugin's legitimate post-payment redirect handled by pms_pb_payment_redirect_link, so test it before relying on it. After upgrading, verify the fix by requesting the redirect link with a known payment ID from a fresh, unauthenticated session: the request must not establish a logged-in session for the payment's owner.

How to fix

Update the Paid Membership Subscriptions plugin to the latest available version. The vulnerability is present in versions prior to 2.13.8; updating fixes the authentication flaw.


Frequently Asked Questions

What is CVE-2024-12919 — Authentication Bypass in Paid Membership Subscriptions?

CVE-2024-12919 is a critical vulnerability in the Paid Membership Subscriptions plugin for WordPress that allows attackers to bypass authentication using a valid payment ID.

Am I affected by CVE-2024-12919 in Paid Membership Subscriptions?

You are affected if you are using Paid Membership Subscriptions plugin versions 2.13.7 or earlier. Upgrade immediately.

How do I fix CVE-2024-12919 in Paid Membership Subscriptions?

Upgrade the Paid Membership Subscriptions plugin to a version higher than 2.13.7. If upgrading is not possible, implement temporary workarounds like restricting access to the vulnerable endpoint.

Is CVE-2024-12919 being actively exploited?

While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation suggest it is likely to be targeted.

Where can I find the official Paid Membership Subscriptions advisory for CVE-2024-12919?

Refer to the official Paid Membership Subscriptions plugin website or WordPress.org plugin repository for the latest advisory and patch information.
