Platform
wordpress
Component
paid-member-subscriptions
Fixed in
2.13.8
CVE-2024-12919 represents a critical Authentication Bypass vulnerability affecting the Paid Membership Subscriptions plugin for WordPress. An attacker can leverage a valid payment ID to gain unauthorized access and impersonate any user on the affected site. This vulnerability impacts versions up to and including 2.13.7. A patch is available from the vendor.
This vulnerability allows unauthenticated attackers to bypass the authentication process entirely. By exploiting the pms_pb_payment_redirect_link function with a known payment ID, an attacker can effectively log in as any user who has previously made a purchase on the WordPress site. This grants them full access to the impersonated user's account, including sensitive data, administrative privileges (if the user has them), and the ability to perform actions on behalf of that user. The potential impact includes data breaches, unauthorized modifications to content, and complete compromise of the WordPress site's user accounts.
This vulnerability has been publicly disclosed and assigned a CVSS score of 9.8 (CRITICAL). While no active exploitation campaigns have been publicly confirmed, the ease of exploitation and the high potential impact make it a high-priority vulnerability. It is likely to be targeted by malicious actors. The CVE was published on 2025-01-14.
WordPress sites utilizing the Paid Membership Subscriptions plugin, particularly those with e-commerce functionality or subscription models, are at significant risk. Shared hosting environments where plugin updates are managed by the hosting provider are also at increased risk due to potential delays in patching.
• wordpress / composer / npm:
grep -r 'pms_pb_payment_redirect_link' /var/www/html/wp-content/plugins/paid-membership-subscriptions/
• wordpress / composer / npm:
wp plugin list --status=active | grep 'Paid Membership Subscriptions'
• wordpress / composer / npm:
wp plugin update --all
• generic web:
Check for the existence of the /wp-content/plugins/paid-membership-subscriptions/ directory.
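As an added example (not part of this advisory or the plugin's own code), a Python check that reads the plugin's header to decide whether the installed version falls in the affected range (2.13.7 or earlier, fixed in 2.13.8); it assumes the plugin lives in the directory named by the component slug `paid-member-subscriptions` under the plugins root and that its main PHP file carries a standard WordPress plugin header.

```python
"""Check whether an installed Paid Member Subscriptions plugin is in the CVE-2024-12919 affected range."""
import re
from pathlib import Path

FIXED_VERSION = "2.13.8"                  # first patched release named in the advisory
PLUGIN_SLUG = "paid-member-subscriptions"  # component slug from the advisory (assumed directory name)

# Constructed sample of a WordPress plugin header, as found at the top of a
# plugin's main PHP file; a real header carries more fields.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Paid Member Subscriptions
 * Version: 2.13.7
 */
"""

def parse_version(text):
    """Turn '2.13.7' into (2, 13, 7) so tuple comparison orders releases numerically, not lexically."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def header_version(php_source):
    """Extract the 'Version:' field from a WordPress plugin header comment, or None if absent."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-]*)", php_source, re.MULTILINE)
    return m.group(1) if m else None

def is_affected(version):
    """True when the version is strictly older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)

def check_plugin_dir(plugins_root):
    """Scan <plugins_root>/<slug>/*.php for a plugin header and return a verdict dict."""
    plugin_dir = Path(plugins_root) / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return {"installed": False, "version": None, "affected": False}
    for php in sorted(plugin_dir.glob("*.php")):
        # Only the first few KB are needed; the header sits at the top of the file.
        version = header_version(php.read_text(errors="ignore")[:4096])
        if version:
            return {"installed": True, "version": version, "affected": is_affected(version)}
    # Installed but no readable version header: treat as unknown and investigate manually.
    return {"installed": True, "version": None, "affected": None}

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "/var/www/html/wp-content/plugins"
    print(check_plugin_dir(root))
```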
disclosure
Exploit Status
EPSS
0.11% (30th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to immediately upgrade the Paid Membership Subscriptions plugin to a version higher than 2.13.7, as the vendor has released a patch to address this vulnerability. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a temporary workaround by restricting access to the pms_pb_payment_redirect_link endpoint. This could involve implementing stricter input validation or requiring additional authentication steps for users accessing this functionality. After upgrading, verify the fix by attempting to access a user account using a known payment ID without proper authentication; access should be denied.
Update the Paid Membership Subscriptions plugin to the most recent available version. The vulnerability is present in versions older than 2.13.8. The update corrects the authentication flaw.
CVE-2024-12919 is a critical vulnerability in the Paid Membership Subscriptions plugin for WordPress that allows attackers to bypass authentication using a valid payment ID.
You are affected if you are using the Paid Membership Subscriptions plugin at version 2.13.7 or earlier. Upgrade immediately.
Upgrade the Paid Membership Subscriptions plugin to a version higher than 2.13.7. If upgrading is not possible, implement temporary workarounds like restricting access to the vulnerable endpoint.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation suggest it is likely to be targeted.
Refer to the official Paid Membership Subscriptions plugin website or WordPress.org plugin repository for the latest advisory and patch information.