CyberRota
← Ana sayfaya dön

CVE-2026-10820

HIGH · CVSS 8.1 EPSS %0.22

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-27T06:16:30.597 · Çekilme zamanı: 2026-06-30T18:36:27.146564+00:00

CyberRota Yorumu

Saldırganın giriş yapmış olması gerekebilir.

CVE
CVE-2026-10820
Severity
HIGH
CVSS
8.1
EPSS
%0.22
WordPress

Orijinal NVD Açıklaması

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user (Subscriber+) to cancel other users' active subscriptions via an Insecure Direct Object Reference.