Skip to main content

Wpsubscription

2 CVEs product

Monthly

CVE-2026-24554 MEDIUM This Month

Cross-Site Request Forgery in the WPSubscription WordPress plugin (Convers Lab, versions through 1.9.1) enables remote unauthenticated attackers to perform unauthorized state-changing actions by tricking an authenticated WordPress user into visiting a malicious page or clicking a crafted link. The CVSS 4.3 Medium rating reflects limited integrity impact (I:L) with no confidentiality or availability exposure. No public exploit code exists and no active exploitation is confirmed - EPSS at 0.01% (3rd percentile) and SSVC 'Exploitation: none' both corroborate the low real-world threat level at time of analysis.

CSRF Wpsubscription
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-69347 HIGH This Week

WPSubscription plugin versions up to 1.8.10 contain an authorization bypass vulnerability allowing attackers to exploit incorrectly configured access control through user-controlled keys, enabling unauthorized access to subscription-related resources and functionality. The vulnerability affects WordPress installations running the affected WPSubscription plugin and could allow unauthenticated or low-privileged attackers to circumvent security controls. No CVSS score, EPSS data, or active KEV designation is currently available, though the vulnerability was reported by Patchstack security researchers and assigned ENISA EUVD ID EUVD-2025-208999.

Authentication Bypass Wpsubscription
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery in the WPSubscription WordPress plugin (Convers Lab, versions through 1.9.1) enables remote unauthenticated attackers to perform unauthorized state-changing actions by tricking an authenticated WordPress user into visiting a malicious page or clicking a crafted link. The CVSS 4.3 Medium rating reflects limited integrity impact (I:L) with no confidentiality or availability exposure. No public exploit code exists and no active exploitation is confirmed - EPSS at 0.01% (3rd percentile) and SSVC 'Exploitation: none' both corroborate the low real-world threat level at time of analysis.

CSRF Wpsubscription
NVD
EPSS 0% CVSS 8.6
HIGH This Week

WPSubscription plugin versions up to 1.8.10 contain an authorization bypass vulnerability allowing attackers to exploit incorrectly configured access control through user-controlled keys, enabling unauthorized access to subscription-related resources and functionality. The vulnerability affects WordPress installations running the affected WPSubscription plugin and could allow unauthenticated or low-privileged attackers to circumvent security controls. No CVSS score, EPSS data, or active KEV designation is currently available, though the vulnerability was reported by Patchstack security researchers and assigned ENISA EUVD ID EUVD-2025-208999.

Authentication Bypass Wpsubscription
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy