CVE-2026-3445 | properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Plugin process_checkout authorization

A vulnerability, which was classified as critical, has been found in properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Plugin up to 4.16.11 on WordPress. The impacted element is the function process_checkout of the component User Registration Handler. The manipulation of the argument change_plan_sub_id leads to missing authorization.

This vulnerability is uniquely identified as CVE-2026-3445. The attack is possible to be carried out remotely. No exploit exists.

CVE-2026-3445 | properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Plugin process_checkout authorization

Post correlati

CVE-2024-4227 | Genivia gSOAP up to 2.8.132 XML Parser iteration

CVE-2013-10063 | Netgear SPH200D up to 1.0.4.80 GET Request path traversal (EDB-24441)

CVE-2023-54202 | Linux Kernel up to 5.15.107/6.1.23/6.2.10 i915_perf_add_config_ioctl use after free

CVE-2023-50981 | Crypto++ up to 8.9.0 DER ModularSquareRoot infinite loop (Issue 1249)