Unauthenticated Broken Access Control in User Registration Stripe Plugin by WordPress
CVE-2026-40726

8.2HIGH

Key Information:

Vendor: WordPress
Status: User Registration Stripe
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-40726?

The User Registration Stripe plugin for WordPress exhibits a critical security flaw that allows unauthenticated users to bypass access controls. This vulnerability affects versions 1.3.14 and earlier, posing a risk to sites using the plugin. Attackers can exploit this flaw to execute unauthorized actions, potentially leading to unauthorized access to sensitive data. Website owners should immediately verify their plugin versions and apply security patches to mitigate potential threats.

Affected Version(s)

User Registration Stripe <= 1.3.14

References

https://patchstack.com/database/wordpress/plugin/user-reg...

vdb-entry

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Apr 15, 2026

Credit

0xd4rk5id3 | Patchstack Bug Bounty Program

CVE-2026-40726 Data

JSON