EUVD-2026-18987CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Lifecycle Timeline
3Description
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on the `change_plan_sub_id` parameter in the `process_checkout()` function. This makes it possible for authenticated attackers, with subscriber level access and above, to reference another user's active subscription during checkout to manipulate proration calculations, allowing them to obtain paid lifetime membership plans without payment via the `ppress_process_checkout` AJAX action.
Analysis
Authenticated attackers with subscriber-level access can obtain paid lifetime membership plans in the ProfilePress WordPress plugin (≤4.16.11) without payment by exploiting a missing ownership verification flaw. The vulnerability allows hijacking of another user's active subscription during checkout to manipulate proration calculations. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all WordPress instances running ProfilePress and document current versions via admin dashboard or wp-cli. Within 7 days: Update ProfilePress to version 4.16.12 or later on all affected installations; test membership checkout workflows in staging environment before production deployment. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today