Security Advisory

CVE-2025-11835

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-05 03:27:57

Last updated 2026-04-08 17:31:09

Assigner Wordfence

State PUBLISHED

Description

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and validation check on the PMS_AJAX_Checkout_Handler::process_payment() function in all versions up to, and including, 2.16.4. This makes it possible for unauthenticated attackers to trigger stored auto-renew charges for arbitrary members.

← Browse all CVEs View on cve.org ↗