CVE-2026-4949 — The Paid Membership Plugin, Ecommerce, User Registration
Image via images.unsplash.com
CVE-2026-4949 — The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.16.12. This is due to the 'process_checkout' function not prop
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-4949 | vulnerability | CVE-2026-4949 |
| CWE-862 | weakness | CWE-862 |
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 16, 2026 at 02:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related Posts
Critical WordPress Plugin Flaw Grants Admin Privileges
CVE-2026-4880 — The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation...
Free5GC UDR Service Leaks 5G Subscriber Identifiers
CVE-2026-40245 — Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability...
Maddy Mail Server Hit by Critical LDAP Injection Flaw
CVE-2026-40193 — maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames...