πŸ” CVE Alert

CVE-2026-11966

UNKNOWN 0.0

User Registration & Membership < 5.2.3 - Unauthenticated Limited User Deletion via Stripe Subscription Handler

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

The User Registration & Membership WordPress plugin before 5.2.3 does not perform a capability check for unauthenticated callers on one of its membership payment actions and acts on a caller-supplied user identifier, allowing unauthenticated attackers to delete recently-registered, payment-pending user accounts.

Vendor unknown
Product user registration & membership
Published Jul 17, 2026
Stay Ahead of the Next One

Get instant alerts for unknown user registration & membership

Be the first to know when new unknown vulnerabilities affecting unknown user registration & membership are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

Unknown / User Registration & Membership
4.2.3 < 5.2.3

References

NVD β†— CVE.org β†— EPSS Data β†—
wpscan.com: https://wpscan.com/vulnerability/8e3be064-b3b7-4d68-960b-8c850c3e6f77/

Credits

Daniel PΓΊa - devploit WPScan