Skip to main content

Paid Member Subscriptions CVE-2026-57348

| EUVDEUVD-2026-41347 HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-07-02 Patchstack GHSA-7w66-jfcx-mxqh
7.2
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
vuln.today AI
7.2 HIGH

Unauthenticated network SSRF (AV:N/AC:L/PR:N/UI:N) that pivots the server against other systems (S:C) with limited disclosure/manipulation and no availability loss (C:L/I:L/A:N).

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 02, 2026 - 12:14 vuln.today

DescriptionCVE.org

Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions <= 3.0.4 versions.

AnalysisAI

Server-Side Request Forgery in the Paid Member Subscriptions WordPress plugin (versions 3.0.4 and earlier by Cozmoslabs) lets remote unauthenticated attackers coerce the WordPress server into issuing arbitrary outbound HTTP requests. Per the CVSS vector (PR:N, S:C) the flaw is reachable without authentication and crosses a security boundary, enabling attackers to reach internal-only services, cloud metadata endpoints, or other back-end systems the WordPress host can talk to. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Send crafted request to vulnerable plugin endpoint
Delivery
Inject attacker-controlled internal URL
Exploit
Server issues forged outbound request
Execution
Read response or infer via timing
Impact
Harvest internal data or cloud metadata

Vulnerability AssessmentAI

Exploitation No authentication or user interaction is required (PR:N/UI:N), and the attack is delivered over the network (AV:N) at low complexity (AC:L) against Paid Member Subscriptions <= 3.0.4, so default installations of the vulnerable plugin are exposed. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are moderate and internally consistent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker sends a crafted HTTP request to the vulnerable plugin endpoint with a URL parameter pointing at an internal target, such as http://169.254.169.254/latest/meta-data/ or an internal admin service. The WordPress server dutifully makes the request from its own network position, and the attacker uses the response (or timing/behavioral differences) to enumerate internal hosts or harvest cloud credentials. …
Remediation Upgrade the Paid Member Subscriptions plugin to a version newer than 3.0.4 as published by Cozmoslabs; the exact fixed version is not confirmed in the provided data, so verify the current patched release via the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/paid-member-subscriptions/vulnerability/wordpress-paid-member-subscriptions-plugin-3-0-4-server-side-request-forgery-ssrf-vulnerability) and the plugin's WordPress.org page before deploying. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Scan all WordPress instances for Paid Member Subscriptions plugin versions 3.0.4 or earlier; disable the plugin immediately on non-critical systems pending patch availability. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57348 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy