Cozmoslabs Paid Member Subscriptions: Unauthorized Access to Sensitive Information

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.5

Cozmoslabs Paid Member Subscriptions: Unauthorized Access to Sensitive Information

CVE-2025-68514

Summary

A security issue in Cozmoslabs Paid Member Subscriptions allows an attacker to bypass access controls and access sensitive information. This affects versions of the plugin up to 2.16.8. To fix this, update to a patched version of the plugin.

Original title

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Lev...

Original description

nvd CVSS3.1 6.5

Vulnerability type

CWE-639 Authorization Bypass Through User-Controlled Key

https://patchstack.com/database/Wordpress/Plugin/paid-member-subscriptions/vulne...

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026