CVE-2024-12919
📋 TL;DR
This vulnerability allows unauthenticated attackers to bypass authentication in the Paid Membership Subscriptions WordPress plugin by using a known payment ID. Attackers can log in as any user who has made a purchase on the site. All WordPress sites using this plugin up to version 2.13.7 are affected.
💻 Affected Systems
- Paid Membership Subscriptions WordPress plugin
⚠️ Risk & Real-World Impact
Worst Case
Complete site compromise where attackers gain administrative access, steal sensitive user data, modify content, and install backdoors.
Likely Case
Attackers gain access to user accounts, potentially accessing paid content, personal information, and performing actions as authenticated users.
If Mitigated
With proper monitoring and access controls, unauthorized access is detected quickly and limited to specific user accounts rather than administrative functions.
🎯 Exploit Status
Exploitation requires knowledge of valid payment IDs, which could be obtained through information disclosure vulnerabilities or brute force attacks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.13.8
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3214706/paid-member-subscriptions
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Paid Member Subscriptions'.
4. Click 'Update Now' if available, or download version 2.13.8+ from the WordPress repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the vulnerable plugin until patched
wp plugin deactivate paid-member-subscriptions
Web Application Firewall Rule
Add a WAF rule that blocks requests carrying the 'pms_payment_id' parameter
🧯 If You Can't Patch
- Implement strict IP-based rate limiting on authentication endpoints
- Enable detailed logging of all authentication attempts and monitor for suspicious patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for Paid Member Subscriptions version 2.13.7 or lower
Check Version:
wp plugin get paid-member-subscriptions --field=version
Verify Fix Applied:
Verify plugin version is 2.13.8 or higher in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts followed by successful login with payment ID parameter
- Unusual user agent strings accessing authentication endpoints
- Requests containing 'pms_payment_id' parameter in URL or POST data
Network Indicators:
- Unusual spikes in traffic to /wp-admin/admin-ajax.php or plugin-specific endpoints
- Requests with pms_payment_id parameter from unexpected IP ranges
SIEM Query:
source="wordpress.log" AND ("pms_payment_id" OR "admin-ajax.php") AND (status=200 OR "logged_in")
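As an added example that is not part of this advisory, the following Python script applies the 'pms_payment_id' log indicator above to Apache combined-format access-log lines (the sample lines are constructed): it lists every request that carried the parameter in its query string and the source addresses that cycled through several different IDs. It cannot see the parameter in a POST body, which only a WAF or application log records.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:10:01:02 +0000] "GET /?pms_payment_id=1042 HTTP/1.1" 302 0 "-" "curl/8.4.0"
203.0.113.7 - - [10/Jan/2025:10:01:03 +0000] "GET /?pms_payment_id=1043 HTTP/1.1" 302 0 "-" "curl/8.4.0"
198.51.100.4 - - [10/Jan/2025:10:02:11 +0000] "GET /blog/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:10:01:04 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 412 "-" "curl/8.4.0"
192.0.2.9 - - [10/Jan/2025:10:05:40 +0000] "GET /checkout/?pms_payment_id=77 HTTP/1.1" 200 2048 "https://example.test/pricing/" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def find_payment_id_requests(log_text):
    """Requests whose query string carries pms_payment_id.
    A pms_payment_id sent in a POST body is not in the access log; that case
    needs a WAF or application log."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        rec = m.groupdict()
        qs = parse_qs(urlsplit(rec["target"]).query)
        if "pms_payment_id" in qs:
            hits.append({
                "ip": rec["ip"], "ts": rec["ts"], "status": int(rec["status"]),
                "payment_id": qs["pms_payment_id"][0], "ua": rec["ua"],
                "no_referer": rec["referer"] == "-",  # direct/scripted access
            })
    return hits

def enumerating_ips(hits, min_distinct_ids=2):
    """Source IPs that used at least min_distinct_ids different payment IDs,
    the ID-guessing pattern the Exploit Status section describes."""
    ids_by_ip = {}
    for h in hits:
        ids_by_ip.setdefault(h["ip"], set()).add(h["payment_id"])
    return {ip: len(ids) for ip, ids in ids_by_ip.items() if len(ids) >= min_distinct_ids}

if __name__ == "__main__":
    found = find_payment_id_requests(SAMPLE_LOG)
    for h in found:
        print(f'{h["ts"]} {h["ip"]} pms_payment_id={h["payment_id"]} status={h["status"]} ua="{h["ua"]}"')
    print("IPs cycling through payment IDs:", enumerating_ips(found))
```

Feed it a real access log with `find_payment_id_requests(open(path).read())`; a hit with status 302 and no referer from a non-browser user agent is the combination worth investigating first.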