WordPress Plugin Vulnerabilities

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction < 2.13.8 - Authentication Bypass via pms_payment_id

Description

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link function using the user-controlled value supplied via the 'pms_payment_id' parameter to authenticate users without any further identity validation. This makes it possible for unauthenticated attackers with knowledge of a valid payment ID to log in as any user who has made a purchase on the targeted site.

Affects Plugins

Plugin icon
paid-member-subscriptions
Fixed in 2.13.8

References

CVE
CVE-2024-12919
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/d3a4fa4d-a7d2-4890-b0f5-5fe69bc5e7ac

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
wesley (wcraft)
Verified
No
WPVDB ID
9c52938f-3d86-46cb-b290-8a5b3d53a030

Timeline

Publicly Published
2025-01-13 (about 1 year ago)
Added
2025-01-13 (about 1 year ago)
Last Updated
2025-01-14 (about 1 year ago)

Other

Published
Title
Published
2024-07-19
Title
WooCommerce - Social Login < 2.7.4 - Unauthenticated Authentication Bypass
Published
2014-08-01
Title
WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass
Published
2018-11-27
Title
Woo Confirmation Email < 3.2.0 - Missing Access Controls to View Uploaded files
Published
2025-04-24
Title
JobSearch WP Job Board <= 2.9.2 - Authentication Bypass via Social Logins
Published
2016-12-23
Title
BuddyPress 2.0-2.7.3 - Arbitrary File Deletion