CVE-2025-58600
BaseFortify
Publication date: 2025-09-03
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cozmoslabs | paid_member_subscriptions | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a missing authorization issue in the WordPress Paid Member Subscriptions Plugin (up to version 2.15.9). It is caused by broken access control due to missing authorization, authentication, or nonce token checks in certain functions. This flaw allows unauthenticated users to perform actions that should be restricted to higher-privileged users, potentially compromising the security of the system. [1]
How can this vulnerability impact me? :
The vulnerability can allow unauthenticated attackers to perform actions reserved for privileged users, which may lead to unauthorized changes or disruptions in the membership system. Although the CVSS score is 5.3 indicating a low priority risk, exploitation could result in denial of service or other availability impacts. It is important to update to version 2.16.0 or later to mitigate this risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability arises from missing authorization checks in the Paid Member Subscriptions plugin up to version 2.15.9, allowing unauthenticated users to perform privileged actions. Detection involves monitoring for unauthorized access attempts or unusual activity related to the plugin's functions. Specific detection commands are not provided in the resources. It is recommended to use security monitoring tools or web application firewalls that can detect broken access control attempts. Patchstack offers virtual patching that can help detect and mitigate exploitation attempts automatically. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Paid Member Subscriptions plugin to version 2.16.0 or later, where the vulnerability is fixed. Additionally, applying Patchstack's virtual patching (vPatching) can provide immediate protection by auto-mitigating the vulnerability even before official patches are applied. If a website is suspected to be compromised, professional incident response services are recommended. [1]