First published: Fri Mar 28 2025(Updated: )
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions allows Stored XSS. This issue affects Paid Member Subscriptions: from n/a through 2.14.3.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Paid Memberships Pro | <=2.14.3 | |
WordPress Paid Member Subscriptions | <=2.14.3 |
Update the WordPress Paid Member Subscriptions plugin to the latest available version (at least 2.14.4).
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-31088 has a high severity rating due to its potential to allow stored Cross-site Scripting (XSS) attacks.
To fix CVE-2025-31088, update the Paid Member Subscriptions plugin to version 2.14.4 or later.
The potential impacts of CVE-2025-31088 include unauthorized access to user data and the ability to inject malicious scripts.
CVE-2025-31088 affects all versions of Paid Member Subscriptions from n/a to 2.14.3.
Yes, CVE-2025-31088 is a known vulnerability affecting the WordPress Paid Member Subscriptions plugin.