Unauthenticated Access Control Flaw in User Registration Stripe Plugin by WordPress
CVE-2026-49081

8.2HIGH

Key Information:

Vendor: WordPress
Status: User Registration Stripe
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-49081?

The User Registration Stripe plugin for WordPress is affected by an unauthenticated broken access control vulnerability. When exploited, this flaw allows unauthorized users to gain access to restricted functionalities that should ideally be protected. It is crucial for users of versions up to 1.3.12 to assess their security posture and implement immediate updates to mitigate potential unauthorized access risks.

Affected Version(s)

User Registration Stripe <= 1.3.12

References

https://patchstack.com/database/wordpress/plugin/user-reg...

vdb-entry

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
May 27, 2026

Credit

0xd4rk5id3 | Patchstack Bug Bounty Program

CVE-2026-49081 Data

JSON