The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link function using the user-controlled value supplied via the 'pms_payment_id' parameter to authenticate users without any further identity validation. This makes it possible for unauthenticated attackers with knowledge of a valid payment ID to log in as any user who has made a purchase on the targeted site.
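The pattern described above, shown next to one possible hardened form. This is an added sketch in plain PHP, not the plugin's code: apart from the `pms_payment_id` parameter, every function name, the `token` and `expires` parameters, the key and the payment table are assumptions made up for the illustration.

```php
<?php
// Added illustration, not the plugin's code. Names and data are hypothetical.

// Constructed sample data: payment ID => ID of the user who made the payment.
const PAYMENTS = [1001 => 7, 1002 => 12];
// Constructed key; a real site would use a server-side secret never sent to clients.
const REDIRECT_KEY = 'constructed-demo-key';

// Pattern from the advisory: the request-supplied payment ID alone decides
// which account the caller gets logged in as.
function resolve_user_vulnerable(array $query): ?int {
    $payment_id = (int) ($query['pms_payment_id'] ?? 0);
    return PAYMENTS[$payment_id] ?? null;
}

// Hardened form, step 1: when the redirect link is generated server-side,
// bind payment, user and expiry together under an HMAC.
function issue_redirect_token(int $payment_id, int $user_id, int $expires): string {
    return hash_hmac('sha256', "$payment_id|$user_id|$expires", REDIRECT_KEY);
}

// Hardened form, step 2: the payment ID is only a lookup key; the caller must
// also present an unexpired token that only the server could have produced.
function resolve_user_hardened(array $query, int $now): ?int {
    $payment_id = (int) ($query['pms_payment_id'] ?? 0);
    $expires    = (int) ($query['expires'] ?? 0);
    $token      = (string) ($query['token'] ?? '');
    $user_id    = PAYMENTS[$payment_id] ?? null;
    if ($user_id === null || $expires < $now) {
        return null; // unknown payment or stale link
    }
    $expected = issue_redirect_token($payment_id, $user_id, $expires);
    // hash_equals() compares in constant time.
    return hash_equals($expected, $token) ? $user_id : null;
}

// Constructed requests for the demonstration.
$now     = 1700000000;
$expires = $now + 300;
$signed  = ['pms_payment_id' => '1001', 'expires' => (string) $expires,
            'token' => issue_redirect_token(1001, 7, $expires)];
$id_only = ['pms_payment_id' => '1002'];
$reused  = ['pms_payment_id' => '1002'] + $signed; // token issued for another payment

var_dump(resolve_user_vulnerable($id_only));              // ID alone selects an account
var_dump(resolve_user_hardened($id_only, $now));          // rejected: no token
var_dump(resolve_user_hardened($reused, $now));           // rejected: token bound to 1001
var_dump(resolve_user_hardened($signed, $now));           // accepted
var_dump(resolve_user_hardened($signed, $expires + 1));   // rejected: expired
```

For detection, requests that carry `pms_payment_id` from a client with no prior session and are followed by an authenticated session for that client are worth reviewing in access logs on sites running affected versions.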
