CVE-2024-1390

Name of the Vulnerable Software and Affected Versions Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress versions up to, and including, 2.11.1

Description The issue is related to unauthorized modification of data due to a missing capability check on the creating pricing table page function. This allows authenticated attackers with subscriber access or higher to create pricing tables.

Recommendations For versions up to, and including, 2.11.1, update to a version higher than 2.11.1 to resolve the issue. As a temporary workaround, consider disabling the creating pricing table page function until a patch is available. Restrict access to the pricing table creation feature to minimize the risk of exploitation.