Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

paid_member_subscriptions

Source -

ADP

CNA CVEs -

0

ADP CVEs -

2

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2024-10261
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-0.84% / 73.81%
||
7 Day CHG+0.17%
Published-09 Nov, 2024 | 11:19
Updated-29 Jan, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution

The The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Action-Not Available
Vendor-cozmoslabsmadalinungureanucozmoslabs
Product-membership_\&_content_restriction_-_paid_member_subscriptionsPaid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restrictionpaid_member_subscriptions
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-32728
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.42%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 14:59
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Paid Membership Subscriptions plugin <= 2.11.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.11.0.

Action-Not Available
Vendor-Cozmoslabscozmoslabs
Product-Paid Member Subscriptionspaid_member_subscriptions
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)