CVE-2026-10820
Vulnerability Description
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user (Subscriber+) to cancel other users' active subscriptions via an Insecure Direct Object Reference.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Vendor
Unknown
Product
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content
Discussion (0)
Add Comment
No comments yet. Be the first!