CVE-2026-11966 - User Registration & Membership < 5.2.3 - Unauthenticated Limited User Deletion via Stripe Subscription Handler
CVE ID :CVE-2026-11966
Published : July 17, 2026, 6 a.m. | 48 minutes ago
Description :The User Registration & Membership WordPress plugin before 5.2.3 does not perform a capability check for unauthenticated callers on one of its membership payment actions and acts on a caller-supplied user identifier, allowing unauthenticated attackers to delete recently-registered, payment-pending user accounts.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : July 17, 2026, 6 a.m. | 48 minutes ago
Description :The User Registration & Membership WordPress plugin before 5.2.3 does not perform a capability check for unauthenticated callers on one of its membership payment actions and acts on a caller-supplied user identifier, allowing unauthenticated attackers to delete recently-registered, payment-pending user accounts.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...