Critical Security Vulnerabilities in WordPress (CVE-2024-9636, CVE-2024-12919)

Published On: Jan 18, 2025 15:12

Advisory No: TZCERT-SA-25-0052

Source: Wordfence

Software Affected: post-grid, paid-member-subscriptions

Overview

Two WordPress plugins are affected by critical vulnerabilities. Exploitation of these vulnerabilities may allow an unauthenticated attacker to execute arbitrary code.

Description

The WordPress plugins post-grid and paid-member-subscriptions are affected by the vulnerabilities tracked as CVE-2024-9636 and CVE-2024-12919 respectively, each with a CVSS score of 9.8. The first plugin fails to properly restrict which user meta fields can be updated during profile registration; the second uses a user-controlled value supplied via the 'pms_payment_id' parameter to authenticate users without any further identity validation. These flaws allow unauthenticated attackers to register on the site as an administrator, and to log in as any user who has made a purchase on the targeted site, respectively.
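The user-meta issue described above is a failure to allowlist what a registration form may write. As an added illustration (not code from either affected plugin), the handler below accepts only an explicit list of profile meta keys and never takes the role from the request; the tz_ function names, the nonce action and the form field names are hypothetical.

```php
<?php
// Added example, not the plugins' own code: registration that writes only
// allowlisted user meta. Names prefixed tz_ are hypothetical.

const TZ_ALLOWED_PROFILE_META = ['first_name', 'last_name', 'description'];

// Keep only keys on the allowlist; anything else (for example a capabilities
// or user-level key) is silently dropped rather than written to the user.
function tz_filter_profile_meta(array $submitted): array {
    $clean = [];
    foreach ($submitted as $key => $value) {
        $key = sanitize_key((string) $key);
        if (!in_array($key, TZ_ALLOWED_PROFILE_META, true)) {
            continue;
        }
        $clean[$key] = sanitize_text_field((string) $value);
    }
    return $clean;
}

// Returns the new user ID or a WP_Error. The role is always the site's
// configured default, never a value taken from the request.
function tz_handle_registration(array $post) {
    if (!wp_verify_nonce($post['_tz_nonce'] ?? '', 'tz_register')) {
        return new WP_Error('bad_nonce', 'Invalid form submission.');
    }

    $user_id = wp_insert_user([
        'user_login' => sanitize_user($post['user_login'] ?? ''),
        'user_email' => sanitize_email($post['user_email'] ?? ''),
        'user_pass'  => (string) ($post['user_pass'] ?? ''),
        'role'       => get_option('default_role'),
    ]);
    if (is_wp_error($user_id)) {
        return $user_id;
    }

    // Only the filtered subset of submitted meta is persisted.
    foreach (tz_filter_profile_meta($post['meta'] ?? []) as $key => $value) {
        update_user_meta($user_id, $key, $value);
    }
    return $user_id;
}
```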

Impact

Successful exploitation of these vulnerabilities may allow the attackers to gain escalated privileges on the affected system.

Solution

WordPress has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.
