CVE-2025-11835 | Paid Membership Subscriptions Plugin up to 2.16.4 on WordPress process_payment authorization

Inserito da Angelo Barbosa | Nov 4, 2025 | CVE

A vulnerability, which was classified as critical, was found in Paid Membership Subscriptions Plugin up to 2.16.4 on WordPress. The affected element is the function PMS_AJAX_Checkout_Handler::process_payment. Such manipulation leads to missing authorization.

This vulnerability is uniquely identified as CVE-2025-11835. The attack can be launched remotely. No exploit exists.

CVE-2025-11835 | Paid Membership Subscriptions Plugin up to 2.16.4 on WordPress process_payment authorization

Post correlati

CVE-2024-48949 | Elliptic Package up to 6.5.5 on Node.js index.js verify Privilege Escalation

CVE-2024-48881 | Linux Kernel up to 6.12.4 cache_set_flush null pointer dereference

CVE-2024-24431 | Open5GS 2.7.0 EMM Message ogs_nas_emm_decode denial of service

CVE-2025-49219 | Trend Micro Apex Central GetReportDetailView deserialization