CVE-2026-11966
User Registration & Membership < 5.2.3 - Unauthenticated Limited User Deletion via Stripe Subscription Handler
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The User Registration & Membership WordPress plugin before 5.2.3 does not perform a capability check for unauthenticated callers on one of its membership payment actions and acts on a caller-supplied user identifier, allowing unauthenticated attackers to delete recently-registered, payment-pending user accounts.
| Vendor | unknown |
| Product | user registration & membership |
| Published | Jul 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown user registration & membership
Be the first to know when new unknown vulnerabilities affecting unknown user registration & membership are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
Affected Versions
Unknown / User Registration & Membership
4.2.3 < 5.2.3
References
Credits
Daniel PΓΊa - devploit WPScan