PatchSiren cyber security CVE debrief
CVE-2026-49081 ThemeGrill CVE debrief
CVE-2026-49081 is a HIGH severity vulnerability (CVSS score: 8.2) affecting the User Registration Stripe plugin, versions <= 1.3.12. It is an unauthenticated broken access control issue: attackers can bypass access controls, potentially leading to unauthorized actions within the plugin. The CVE was published on 2026-06-17T13:20:46.200Z and last modified on 2026-06-17T15:16:59.627Z. Users of the affected plugin should take immediate action to mitigate potential risks. The vendor and product details are not fully confirmed, with a confidence level of 'low'.
- Vendor: ThemeGrill
- Product: User Registration Stripe
- CVSS: HIGH 8.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-17
- Original CVE updated: 2026-06-17
- Advisory published: 2026-06-17
- Advisory updated: 2026-06-17
Who should care
Administrators and users of the User Registration Stripe plugin, especially those using versions <= 1.3.12, should be aware of this vulnerability. Given its HIGH severity and potential for unauthorized access, immediate attention is required to secure affected installations.
Technical summary
CVE-2026-49081 is a vulnerability in the User Registration Stripe plugin for WordPress, affecting versions up to and including 1.3.12. The issue is characterized as unauthenticated broken access control, which can allow attackers to perform actions without proper authorization. The vulnerability has been assigned a CVSS score of 8.2, indicating a HIGH severity level. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N: the vulnerability can be exploited over the network (AV:N) with low attack complexity (AC:L) and no required privileges (PR:N) or user interaction (UI:N). The impact is primarily on integrity, which is rated high (I:H); confidentiality impact is low (C:L) and there is no availability impact (A:N).
Defensive priority
HIGH
Recommended defensive actions
- Update the User Registration Stripe plugin to a version greater than 1.3.12 immediately.
- Restrict access to the plugin's settings and functionality to only authenticated and authorized users.
- Monitor plugin usage and logs for suspicious activity.
- Implement additional security measures such as two-factor authentication for WordPress users.
- Regularly update all WordPress plugins and themes to prevent exploitation of known vulnerabilities.
- Consider using a Web Application Firewall (WAF) to detect and prevent attacks.
- Review user roles and permissions within WordPress to enforce the principle of least privilege.
Evidence notes
The information provided is based on data from the National Vulnerability Database (NVD) and Patchstack. The CVE record was published on 2026-06-17T13:20:46.200Z and last modified on 2026-06-17T15:16:59.627Z. The vulnerability details indicate a HIGH severity level with a CVSS score of 8.2. The weakness associated with this vulnerability is CWE-862.
Official resources
- CVE-2026-49081 CVE record (CVE.org)
- CVE-2026-49081 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference (public)