Vulnerabilities > Cozmoslabs > Membership Content Restriction Paid Member Subscriptions

DATE CVE VULNERABILITY TITLE RISK
2025-01-14 CVE-2024-12919 Unspecified vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7.
network
low complexity
cozmoslabs
critical
9.8
2024-12-18 CVE-2024-11291 Information Exposure vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature.
network
low complexity
cozmoslabs CWE-200
5.3
2024-10-02 CVE-2024-9222 Cross-site Scripting vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8.
network
low complexity
cozmoslabs CWE-79
6.1
2021-09-13 CVE-2021-24728 Unspecified vulnerability in Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.
network
low complexity
cozmoslabs
8.8