- An improper neutralization flaw (SQL injection) was found in the WordPress Paid Member Subscriptions plugin
- The plugin is used by more than 10,000 sites to run membership and paid user accounts
- A patch is available, so users should update right away
A high-severity vulnerability has been discovered in a popular premium WordPress plugin, allowing threat actors to access or exfiltrate sensitive data without authorization.
Security researcher Chuongvn from the Patchstack Alliance recently found an “Improper Neutralization of Special Elements used in an SQL Command” flaw affecting the WordPress Paid Member Subscriptions plugin.
Paid Member Subscriptions is a plugin that helps site owners create and manage membership-based sites. It lets administrators restrict content, create subscription plans, accept recurring payments and control user access based on membership level. It is fairly popular, used by more than 10,000 sites.
Among the plugin’s prominent features is its integration with popular payment gateways such as PayPal and Stripe, but this is also where the problem originated.
The plugin’s handling of PayPal Instant Payment Notifications (IPN) was the problem: when a transaction was processed, the plugin extracted a payment ID directly from user-supplied data and inserted it into a database query without proper validation.
By manipulating this input, attackers could gain unauthorized access to sensitive information or modify stored data.
In a real-world scenario, an attacker could inject malicious queries into the site’s database to extract email addresses or hashed passwords of paying members. This information could then be used to launch phishing attacks against subscribers or credential stuffing on other platforms where the same login information is reused.
The flaw is now tracked as CVE-2025-49870 and has a severity score of 7.5/10 (high). It was fixed in version 2.15.2, and users are advised to upgrade the plugin as soon as possible.
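To make the mechanism concrete, here is an added example (not the plugin’s own code and not the actual vulnerable routine) contrasting the unsafe pattern described above with its hardened form. It uses a PDO SQLite in-memory database so it runs stand-alone; the table name, column names, the `txn_id` field name and the transaction-ID format check are all assumptions. In a WordPress plugin the hardened form is `$wpdb->prepare()` with `%s` placeholders rather than PDO, but the principle is identical.

```php
<?php
// Added example: looking up a payment record by an ID taken from an IPN-style
// POST body. Vulnerable string concatenation is shown beside the parameterized
// query that fixes it. Schema, field names and sample rows are constructed.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE payments (id INTEGER PRIMARY KEY, payment_id TEXT, user_email TEXT, amount REAL)');
$db->exec("INSERT INTO payments (payment_id, user_email, amount) VALUES ('PAY-1001', 'alice@example.test', 9.99)");
$db->exec("INSERT INTO payments (payment_id, user_email, amount) VALUES ('PAY-1002', 'bob@example.test', 19.99)");

// Vulnerable pattern: the untrusted value becomes part of the SQL text, so any
// quote or operator it contains is interpreted as SQL rather than as data.
function lookup_payment_vulnerable(PDO $db, string $paymentId): array
{
    $sql = "SELECT payment_id, user_email FROM payments WHERE payment_id = '" . $paymentId . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the value is bound as a parameter and can only ever be
// compared as a literal string against payment_id.
function lookup_payment_safe(PDO $db, string $paymentId): array
{
    $stmt = $db->prepare('SELECT payment_id, user_email FROM payments WHERE payment_id = ?');
    $stmt->execute([$paymentId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Defence in depth: reject anything that does not look like a transaction ID
// before it reaches the database layer. This pattern is an assumption for the
// example, not PayPal's documented ID format.
function is_plausible_txn_id(string $id): bool
{
    return (bool) preg_match('/^[A-Za-z0-9-]{1,32}$/', $id);
}

// Constructed IPN-style body. A genuine notification carries a PayPal-issued
// txn_id; this one is shaped to show why concatenation is unsafe.
$ipn = ['txn_id' => "PAY-1001' OR '1'='1"];

echo "vulnerable: " . count(lookup_payment_vulnerable($db, $ipn['txn_id'])) . " row(s)\n"; // 2: every row leaks
echo "safe:       " . count(lookup_payment_safe($db, $ipn['txn_id'])) . " row(s)\n";       // 0: no such payment_id

if (!is_plausible_txn_id($ipn['txn_id'])) {
    echo "rejected before query: txn_id failed format check\n";
}
```

The format check is a secondary control only; the fix that actually closes the hole is the bound parameter, because it removes the database's ability to interpret the ID as SQL regardless of what characters it contains. Independently of both, an IPN handler should verify the notification with PayPal's IPN verification step before trusting any of its fields.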
WordPress is the world’s most popular site builder, powering more than half of all existing websites. As such, its plugins and themes are a popular target for cyber criminals looking for an easy way into sites, their content and their users’ data.
Via Infosecurity Magazine