cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12919,https://securityvulnerability.io/vulnerability/CVE-2024-12919,Authentication Bypass in Paid Membership Subscriptions Plugin for WordPress,"The Paid Membership Subscriptions plugin for WordPress is susceptible to an Authentication Bypass vulnerability across all versions prior to 2.13.7. The issue arises from the pms_pb_payment_redirect_link function, which inadequately uses the user-controlled 'pms_payment_id' parameter for user authentication, lacking sufficient identity validation. This flaw enables attackers to exploit knowledge of a valid payment ID to impersonate any user who has made a purchase on the compromised website, thereby gaining unauthorized access to their accounts.",Wordpress,"Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,false,false,false,2025-01-14T09:21:55.299Z,0
CVE-2024-10261,https://securityvulnerability.io/vulnerability/CVE-2024-10261,Unauthenticated Arbitrary Shortcode Execution Vulnerability in Effortless Memberships,"The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress contains a security flaw that permits arbitrary shortcode execution across all versions up to and including 2.13.0. This vulnerability arises from insufficient validation of user input prior to executing the do_shortcode function. Consequently, unauthenticated attackers can exploit this weakness to execute unauthorized shortcodes, potentially leading to a range of destructive actions within a WordPress site, including compromise of sensitive data and defacement of content.",Wordpress,"Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction",7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-09T11:19:45.940Z,0
CVE-2024-9222,https://securityvulnerability.io/vulnerability/CVE-2024-9222,Unauthenticated Attackers Can Trick Users into Executing arbitrary Web Scripts,"The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,"Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction",6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-10-02T07:35:28.153Z,0
CVE-2024-1389,https://securityvulnerability.io/vulnerability/CVE-2024-1389,Unauthorized Modification of Data in Paid Membership Subscriptions Plugin Due to Missing Capability Check,"The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to change the Stripe payment keys.",Wordpress,"Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction",5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-1390,https://securityvulnerability.io/vulnerability/CVE-2024-1390,Unauthorized Data Modification Vulnerability in Paid Membership Subscriptions Plugin for WordPress,"The Paid Membership Subscriptions plugin for WordPress has a vulnerability that allows authenticated users with subscriber access or higher to perform unauthorized data modifications. This vulnerability arises from a missing capability check in the creating_pricing_table_page function, impacting all versions up to and including 2.11.1. Exploiting this weakness enables attackers to create and manipulate pricing tables, potentially leading to undesirable changes in subscription plans. Website owners utilizing this plugin should take immediate action to mitigate this risk by updating to the latest version and reviewing user roles and permissions.",Wordpress,"Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0