Skip to main content

User Registration Stripe

2 CVEs product

Monthly

CVE-2026-49081 HIGH This Week

Broken access control in the WordPress plugin User Registration Stripe (versions <= 1.3.12) allows unauthenticated remote attackers to invoke protected functionality without proper authorization checks. The flaw stems from missing capability validation (CWE-862) and carries a CVSS 3.1 score of 8.2 with high integrity impact. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Authentication Bypass User Registration Stripe
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-40726 HIGH This Week

Broken access control in the User Registration Stripe WordPress plugin (versions 1.3.14 and earlier) allows remote unauthenticated attackers to access functionality that should require authorization, leading to high confidentiality exposure and limited integrity tampering. The flaw is reported by Patchstack and tagged as an authentication bypass, but no public exploit code has been identified at time of analysis. EPSS data was not provided, and the issue is not listed in CISA KEV.

Authentication Bypass User Registration Stripe
NVD
CVSS 3.1
8.2
EPSS
0.2%
EPSS 0% CVSS 8.2
HIGH This Week

Broken access control in the WordPress plugin User Registration Stripe (versions <= 1.3.12) allows unauthenticated remote attackers to invoke protected functionality without proper authorization checks. The flaw stems from missing capability validation (CWE-862) and carries a CVSS 3.1 score of 8.2 with high integrity impact. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Authentication Bypass User Registration Stripe
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Broken access control in the User Registration Stripe WordPress plugin (versions 1.3.14 and earlier) allows remote unauthenticated attackers to access functionality that should require authorization, leading to high confidentiality exposure and limited integrity tampering. The flaw is reported by Patchstack and tagged as an authentication bypass, but no public exploit code has been identified at time of analysis. EPSS data was not provided, and the issue is not listed in CISA KEV.

Authentication Bypass User Registration Stripe
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy