CVE-2026-57348
HighCVSS 7.2Summary
The Paid Member Subscriptions plugin version 3.0.4 and earlier contains an unauthenticated Server Side Request Forgery (SSRF) vulnerability. An attacker can send crafted HTTP requests that are executed by the server, enabling access to internal network resources.
Risk Assessment
The risk includes unauthorized access to internal systems, internal network scanning, and potential escalation of attacks against other services within the organization's infrastructure.
Recommendation
It is recommended to immediately update the Paid Member Subscriptions plugin to the latest available version that fixes this vulnerability. Additionally, consider restricting outbound server traffic and implementing URL validation mechanisms.
Original NVD description (English source)
Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions <= 3.0.4 versions.

