Cozmoslabs Paid Member Subscriptions
8 CVEs affecting Cozmoslabs Paid Member Subscriptions. Latest disclosed: 2026-06-15. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-54017 | High | 7.5 | 2025-08-20 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cozmoslabs Paid Member Subscriptions p… |
CVE-2025-49870 | High | 7.5 | 2025-07-04 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscrip… |
CVE-2026-39514 | High | 7.1 | 2026-06-15 | Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions. |
CVE-2025-68514 | Medium | 6.5 | 2026-02-20 | Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly… |
CVE-2025-31088 | Medium | 6.5 | 2025-03-28 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscrip… |
CVE-2025-58600 | Medium | 5.3 | 2025-09-03 | Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control S… |
CVE-2024-32728 | Medium | 4.3 | 2024-04-24 | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.11.0. |
CVE-2023-51522 | Medium | 4.3 | 2024-03-15 | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.10.4. |