CVE Catalog

CVE-2026-57348

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Summary

The Paid Member Subscriptions plugin version 3.0.4 and earlier contains an unauthenticated Server Side Request Forgery (SSRF) vulnerability. An attacker can send crafted HTTP requests that are executed by the server, enabling access to internal network resources.

Risk Assessment

The risk includes unauthorized access to internal systems, internal network scanning, and potential escalation of attacks against other services within the organization's infrastructure.

Recommendation

It is recommended to immediately update the Paid Member Subscriptions plugin to the latest available version that fixes this vulnerability. Additionally, consider restricting outbound server traffic and implementing URL validation mechanisms.

Original NVD description (English source)

Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions <= 3.0.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS