Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-58600

CVE-2025-58600: Paid Member Subscriptions Auth Bypass

CVE-2025-58600 is an authorization bypass flaw in Paid Member Subscriptions by Cozmoslabs, affecting versions up to 2.15.9. Attackers can exploit misconfigured access controls. This article covers technical details, impact, and mitigation.

Published:

CVE-2025-58600 Overview

CVE-2025-58600 is a Missing Authorization vulnerability [CWE-862] affecting the Cozmoslabs Paid Member Subscriptions plugin for WordPress. The flaw resides in access control security levels that are incorrectly configured, allowing attackers to interact with functionality that should be restricted. The issue affects all versions of the paid-member-subscriptions plugin up to and including 2.15.9.

The vulnerability is network-exploitable and requires no authentication or user interaction. Successful exploitation results in a limited availability impact against the affected WordPress site.

Critical Impact

Unauthenticated network attackers can exploit incorrectly configured access control security levels in the Paid Member Subscriptions plugin, producing a limited availability impact on affected WordPress installations.

Affected Products

  • Cozmoslabs Paid Member Subscriptions plugin for WordPress
  • All versions from initial release through 2.15.9
  • WordPress sites relying on the plugin for membership access control

Discovery Timeline

  • 2025-09-03 - CVE-2025-58600 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2025-58600

Vulnerability Analysis

The Paid Member Subscriptions plugin implements access control security levels that gate functionality intended for authorized members and administrators. CVE-2025-58600 arises because one or more of these access control checks are missing or incorrectly configured, resulting in a broken access control condition tracked under CWE-862: Missing Authorization.

An unauthenticated remote attacker can send crafted HTTP requests to the affected endpoints without presenting credentials. Because the plugin does not correctly verify the caller's authorization level, requests that should be rejected are processed. The scope is unchanged, and the confirmed impact is limited to availability of the affected component.

EPSS data places the probability of exploitation activity at 0.33% with a percentile of 24.992, and no public exploit or CISA KEV listing exists at the time of publication.

Root Cause

The root cause is an incorrectly configured access control security level within the plugin's request handling logic. The plugin fails to enforce a capability or role check before executing sensitive operations, so identity claims from the request are effectively trusted without validation. This pattern is common in WordPress plugins that rely on nonces or hook registration without a paired current_user_can() check.

Attack Vector

An attacker delivers HTTP requests to the vulnerable WordPress site over the network. No authentication, elevated privileges, or user interaction are required. The attacker targets plugin endpoints that expose functionality gated by the misconfigured access control level and triggers behavior that degrades availability of that functionality.

No verified proof-of-concept code is publicly available. Refer to the Patchstack Vulnerability Report for additional technical detail.

Detection Methods for CVE-2025-58600

Indicators of Compromise

  • Unauthenticated HTTP POST or GET requests targeting Paid Member Subscriptions plugin endpoints under /wp-admin/admin-ajax.php or plugin-specific routes.
  • Unexpected changes to membership records, subscription states, or plugin-managed settings without corresponding administrator logins.
  • Web server logs showing repeated requests to plugin actions from anonymous sessions.

Detection Strategies

  • Inventory WordPress sites and identify installations running paid-member-subscriptions version 2.15.9 or earlier.
  • Enable WordPress audit logging to record plugin action invocations and correlate them with authenticated session identifiers.
  • Review web application firewall (WAF) logs for anomalous access patterns to plugin endpoints originating from unauthenticated sources.

Monitoring Recommendations

  • Alert on high-frequency requests to admin-ajax.php actions associated with the plugin from single source IPs.
  • Monitor for modifications to subscription and membership database tables outside of expected administrative windows.
  • Track plugin version drift across managed WordPress fleets to ensure timely remediation.

How to Mitigate CVE-2025-58600

Immediate Actions Required

  • Update the Paid Member Subscriptions plugin to a version later than 2.15.9 as soon as a fixed release is available from Cozmoslabs.
  • Restrict access to WordPress administrative and AJAX endpoints using IP allowlists or authentication proxies where feasible.
  • Audit membership and subscription records for unauthorized modifications introduced prior to remediation.

Patch Information

Refer to the Patchstack Vulnerability Report for vendor-provided fix guidance and the specific patched version. Apply the vendor-supplied update through the WordPress plugin update mechanism.

Workarounds

  • Deploy WAF rules that block unauthenticated requests to the vulnerable plugin actions until the update is applied.
  • Temporarily deactivate the Paid Member Subscriptions plugin on non-production or low-traffic sites where feasible.
  • Enforce strong role separation and remove unused administrator accounts to reduce the blast radius of any related access control weakness.
bash
# Configuration example: identify affected WordPress installations using WP-CLI
wp plugin get paid-member-subscriptions --field=version
wp plugin update paid-member-subscriptions

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.