HIGH
Paid Membership Plugin
CVE published 2026-06-27
CVE-2026-10820
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 has a vulnerability that allows any authenticated user (Subscriber+) to cancel other users' active subscriptions via an Insecure Direct Object Reference. This issue has a CVSS score of 8.1 and is classified as HIGH severity. The vulnerability was published on June 27, [truncated]