
cpe:2.3:a:cozmoslabs:paid_member_subscriptions:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Cozmoslabs (a6cf7c48-9910-5089-9ac0-ffa6c9be99f9)
Product: Paid Member Subscriptions (a981436c-cb29-5fc7-a32c-554fe7a9b2f2)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2025-68514 vulnerable 2026-06-03 15:11:03.433065 WordPress Paid Member Subscriptions plugin <= 2.16.8 - Insecure Direct Object References (IDOR) vulnerability
MEDIUM (6.5)
Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Member Subscriptions: from n/a through <= 2.16.8.
Published: 2026-02-20T15:46:38.821Z
Updated: 2026-04-29T09:51:56.748Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-58600 vulnerable 2026-06-03 15:06:22.148646 WordPress Paid Member Subscriptions Plugin <= 2.15.9 - Broken Access Control Vulnerability
MEDIUM (5.3)
Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Member Subscriptions: from n/a through <= 2.15.9.
Published: 2025-09-03T14:36:39.436Z
Updated: 2026-05-13T00:07:07.369Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-54017 vulnerable 2026-06-03 15:03:55.455752 WordPress Paid Member Subscriptions <= 2.15.4 - Local File Inclusion Vulnerability
HIGH (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows PHP Local File Inclusion. This issue affects Paid Member Subscriptions: from n/a through <= 2.15.4.
Published: 2025-08-20T08:03:03.218Z
Updated: 2026-04-28T16:13:28.662Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-49870 vulnerable 2026-06-03 15:01:46.200927 WordPress Paid Member Subscriptions plugin <= 2.15.1 - SQL Injection Vulnerability
HIGH (7.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows SQL Injection. This issue affects Paid Member Subscriptions: from n/a through <= 2.15.1.
Published: 2025-07-04T11:17:58.496Z
Updated: 2026-05-12T00:28:18.170Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-31088 vulnerable 2026-06-03 15:00:30.185870 WordPress Paid Member Subscriptions plugin <= 2.14.3 - Cross Site Scripting (XSS) Vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Stored XSS. This issue affects Paid Member Subscriptions: from n/a through <= 2.14.3.
Published: 2025-03-28T09:39:54.682Z
Updated: 2026-05-11T23:57:30.153Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-32728 vulnerable 2026-06-03 14:55:47.858399 WordPress Paid Membership Subscriptions plugin <= 2.11.0 - Cross Site Request Forgery (CSRF) vulnerability
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions. This issue affects Paid Member Subscriptions: from n/a through 2.11.0.
Published: 2024-04-24T14:59:22.522Z
Updated: 2026-04-28T16:09:39.987Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-10261 vulnerable 2026-06-03 14:54:05.211779 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution
HIGH (7.3)
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Published: 2024-11-09T11:19:45.940Z
Updated: 2026-04-08T17:31:07.721Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-51522 vulnerable 2026-06-03 14:53:32.393613 WordPress Paid Membership Subscriptions plugin <= 2.10.4 - Cross Site Request Forgery (CSRF) vulnerability
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions. This issue affects Paid Member Subscriptions: from n/a through 2.10.4.
Published: 2024-03-15T14:21:49.623Z
Updated: 2026-04-28T16:09:03.623Z
Imported from gcve-enriched-dumps CVE data
