
CVE-2024-1389: CWE-862 Missing Authorization in iovamihai Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Low
Published: Tue Feb 20 2024 (02/20/2024, 18:56:46 UTC)
Source: CVE
Vendor/Project: iovamihai
Product: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Description

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to change the Stripe payment keys.

AI-Powered Analysis

Last updated: 06/24/2025, 05:11:08 UTC

Technical Analysis

CVE-2024-1389 is a vulnerability in the WordPress plugin 'Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction' developed by iovamihai. The plugin provides membership management, recurring payments, and content restriction, and is commonly used by websites that monetize content through subscription models. The flaw is a missing authorization check (CWE-862) in the function pms_stripe_connect_handle_authorization_return: the function performs no capability check to verify that the user invoking it holds the required permissions. As a result, unauthenticated attackers can use it to modify the Stripe payment keys configured in the plugin. Stripe keys are the credentials that enable payment processing and financial transactions, so unauthorized modification could let an attacker redirect payments, intercept sensitive financial data, or disrupt payment flows. All versions of the plugin up to and including 2.11.1 are affected. No patches or fixes had been published at the time of this analysis, and there are no known exploits in the wild. The vulnerability was publicly disclosed on February 20, 2024, and has been enriched by CISA, indicating recognition by cybersecurity authorities. Exploitation requires neither authentication nor user interaction, which makes the flaw easy to leverage remotely; its impact, however, is confined to sites running the plugin and to how critical the payment keys are within those systems.
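The bug class above, a request handler that writes payment credentials without a capability check, is shown below as an added illustrative example; it is not the plugin's code, and the function names, option names, request parameters and the `init` hook are hypothetical stand-ins. The hardened variant uses the standard WordPress controls for this situation: `current_user_can()` for authorization and a nonce check against cross-site request forgery.

```php
<?php
// Added example, not the plugin's own code. Names below are hypothetical;
// only the bug class (CWE-862, missing capability check) matches the advisory.
// A real Stripe Connect return handler would exchange an authorization code with
// Stripe; here the key write is modelled as storing request-supplied values.

// Vulnerable pattern: hooked on 'init', so it runs for every request, including
// anonymous ones, and it writes the keys without checking who the caller is.
function example_stripe_return_vulnerable() {
    if ( empty( $_GET['example_stripe_return'] ) ) {
        return;
    }
    // No current_user_can() and no nonce: any unauthenticated request reaches this.
    update_option( 'example_stripe_publishable_key',
        sanitize_text_field( wp_unslash( $_GET['pk'] ?? '' ) ) );
    update_option( 'example_stripe_secret_key',
        sanitize_text_field( wp_unslash( $_GET['sk'] ?? '' ) ) );
}

// Hardened pattern: refuse unless the caller holds the administrator-level
// capability AND the request carries a valid nonce bound to this action, so
// neither anonymous visitors nor CSRF-driven administrators can rewrite keys.
function example_stripe_return_hardened() {
    if ( empty( $_GET['example_stripe_return'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 'Forbidden', array( 'response' => 403 ) );
    }
    // check_admin_referer() itself calls wp_die() on a missing or invalid nonce.
    check_admin_referer( 'example_stripe_return_action', '_wpnonce' );

    update_option( 'example_stripe_publishable_key',
        sanitize_text_field( wp_unslash( $_GET['pk'] ?? '' ) ) );
    update_option( 'example_stripe_secret_key',
        sanitize_text_field( wp_unslash( $_GET['sk'] ?? '' ) ) );
}

// Only the hardened handler is registered; the vulnerable one is kept for contrast.
add_action( 'init', 'example_stripe_return_hardened' );
```

The nonce for the hardened handler is minted on the admin side with `wp_create_nonce( 'example_stripe_return_action' )` (or `wp_nonce_url()`) when the return URL is built, so only a link generated for a logged-in administrator can complete the flow.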

Potential Impact

For European organizations, the impact of this vulnerability can be significant, particularly for businesses relying on WordPress websites with the affected plugin to manage paid memberships and recurring payments. Unauthorized modification of Stripe payment keys can lead to financial fraud, loss of revenue, and reputational damage. Attackers could redirect payments to fraudulent accounts or disrupt legitimate payment processing, affecting customer trust and business continuity. Additionally, compromised payment credentials may expose sensitive financial data, potentially leading to compliance violations under GDPR and other data protection regulations. Organizations in sectors such as e-commerce, digital media, online education, and subscription-based services are especially at risk. The ease of exploitation without authentication increases the threat level, as attackers can target vulnerable websites en masse. However, the absence of known exploits in the wild suggests that the vulnerability is not yet actively leveraged by threat actors, providing a window for mitigation. The overall medium severity reflects a balance between the potential financial impact and the limited scope confined to sites using this specific plugin.

Mitigation Recommendations

1. Immediate mitigation involves auditing all WordPress sites for the presence of the 'Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction' plugin, especially versions up to 2.11.1.
2. Disable or remove the plugin temporarily if it is not critical to business operations until a patch is released.
3. For sites that must continue using the plugin, restrict access to the WordPress admin interface through IP whitelisting, VPNs, or multi-factor authentication to reduce the risk of exploitation.
4. Monitor Stripe account activity closely for any unauthorized changes or suspicious transactions.
5. Implement web application firewalls (WAFs) with custom rules to detect and block suspicious requests targeting the vulnerable function.
6. Engage with the plugin vendor or community to obtain updates or patches as soon as they become available.
7. Consider alternative membership management plugins with verified secure authorization controls if a patch is delayed.
8. Conduct regular security assessments and penetration tests focusing on payment processing components.

These steps go beyond generic advice by emphasizing active monitoring of Stripe accounts, access restrictions to administrative interfaces, and proactive plugin management tailored to this specific vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2024-02-08T22:06:28.929Z
CISA Enriched: true

Threat ID: 682d9840c4522896dcbf1094

Added to database: 5/21/2025, 9:09:20 AM

Last enriched: 6/24/2025, 5:11:08 AM

Last updated: 7/31/2025, 9:05:40 AM
