CVE-2024-12919

{"id": "CVE-2024-12919", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-01-14T10:15:07.250", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3214706/paid-member-subscriptions", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3a4fa4d-a7d2-4890-b0f5-5fe69bc5e7ac?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link function using the user-controlled value supplied via the 'pms_payment_id' parameter to authenticate users without any further identity validation. This makes it possible for unauthenticated attackers with knowledge of a valid payment ID to log in as any user who has made a purchase on the targeted site."}, {"lang": "es", "value": "El complemento Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n en todas las versiones hasta la 2.13.7 incluida. Esto se debe a que la funci\u00f3n pms_pb_payment_redirect_link utiliza el valor controlado por el usuario proporcionado a trav\u00e9s del par\u00e1metro 'pms_payment_id' para autenticar a los usuarios sin ninguna validaci\u00f3n de identidad adicional. Esto hace posible que los atacantes no autenticados con conocimiento de una identificaci\u00f3n de pago v\u00e1lida inicien sesi\u00f3n como cualquier usuario que haya realizado una compra en el sitio de destino."}], "lastModified": "2025-01-22T17:29:01.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cozmoslabs:membership_\\&_content_restriction_-_paid_member_subscriptions:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "DE62E63B-56E3-44E0-A4AE-C5F64D92CA1F", "versionEndExcluding": "2.13.8"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}