Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Cross-Site Request Forgery (CSRF) vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery.
This issue affects WPSubscription: from n/a through 1.9.1.
AnalysisAI
Cross-Site Request Forgery in the WPSubscription WordPress plugin (Convers Lab, versions through 1.9.1) enables remote unauthenticated attackers to perform unauthorized state-changing actions by tricking an authenticated WordPress user into visiting a malicious page or clicking a crafted link. The CVSS 4.3 Medium rating reflects limited integrity impact (I:L) with no confidentiality or availability exposure. No public exploit code exists and no active exploitation is confirmed - EPSS at 0.01% (3rd percentile) and SSVC 'Exploitation: none' both corroborate the low real-world threat level at time of analysis.
Technical ContextAI
The vulnerability is rooted in CWE-352 (Cross-Site Request Forgery), meaning the plugin fails to validate the origin of state-changing HTTP requests - typically by omitting or not properly verifying WordPress nonces on sensitive admin endpoints. The affected product is identified via CPE cpe:2.3:a:convers_lab:wpsubscription:*:*:*:*:*:*:*:* as a WordPress plugin developed by Convers Lab that provides subscription management functionality. CSRF in WordPress plugins commonly arises when form handlers or AJAX endpoints registered via admin-post.php or wp-ajax lack nonce verification, allowing a browser to silently replay attacker-crafted requests using the victim's authenticated session cookies.
RemediationAI
The primary remediation is to update the WPSubscription plugin beyond version 1.9.1; however, no specific patched release version is confirmed in the available data - the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/subscription/vulnerability/wordpress-wpsubscription-plugin-1-9-1-cross-site-request-forgery-csrf-vulnerability) should be consulted directly to confirm whether a fixed version has been released to the WordPress plugin repository. As a compensating control if patching is not immediately possible, administrators can restrict access to WordPress admin pages at the web server or firewall level to trusted IP ranges, reducing the attack surface for CSRF-based forged requests. Additionally, WordPress security plugins that implement blanket nonce enforcement or WAF rules blocking cross-origin POST requests to wp-admin can mitigate exploitation - note that overly broad WAF rules may break legitimate admin workflows and should be tested before deployment.
More in Wpsubscription
View allSame weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31755
GHSA-gfpm-cpmq-9ff5