User Registration Stripe
Monthly
Broken access control in the WordPress plugin User Registration Stripe (versions <= 1.3.12) allows unauthenticated remote attackers to invoke protected functionality without proper authorization checks. The flaw stems from missing capability validation (CWE-862) and carries a CVSS 3.1 score of 8.2 with high integrity impact. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Broken access control in the User Registration Stripe WordPress plugin (versions 1.3.14 and earlier) allows remote unauthenticated attackers to access functionality that should require authorization, leading to high confidentiality exposure and limited integrity tampering. The flaw is reported by Patchstack and tagged as an authentication bypass, but no public exploit code has been identified at time of analysis. EPSS data was not provided, and the issue is not listed in CISA KEV.
Broken access control in the WordPress plugin User Registration Stripe (versions <= 1.3.12) allows unauthenticated remote attackers to invoke protected functionality without proper authorization checks. The flaw stems from missing capability validation (CWE-862) and carries a CVSS 3.1 score of 8.2 with high integrity impact. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Broken access control in the User Registration Stripe WordPress plugin (versions 1.3.14 and earlier) allows remote unauthenticated attackers to access functionality that should require authorization, leading to high confidentiality exposure and limited integrity tampering. The flaw is reported by Patchstack and tagged as an authentication bypass, but no public exploit code has been identified at time of analysis. EPSS data was not provided, and the issue is not listed in CISA KEV.