MEDIUM
Convers Lab
CVE published 2026-05-25
CVE-2026-24554
A Cross-Site Request Forgery (CSRF) vulnerability exists in the WPSubscription plugin for WordPress, affecting versions up to and including 1.9.1. The vulnerability allows an attacker to perform unauthorized actions on behalf of an authenticated user by tricking them into submitting a malicious request. This is classified as CWE-352 (Cross-Site Request Forgery). The CVSS 3.1 score of 4.3 (Medium severity) [truncated]