Description
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
Published: 2026-06-17
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The WordPress User Registration Stripe plugin versions up to 1.3.14 contain a broken access control flaw that allows unauthenticated users to perform privileged actions. Classified as CWE-862, this vulnerability can enable unauthorized modification of plugin settings, viewing of restricted data, or other operations that should be protected by authentication.

Affected Systems

Affected systems include the ThemeGrill User Registration Stripe plugin for WordPress when installed with any version prior to 1.3.15. The vulnerability is present in all 1.3.14 and earlier releases.

Risk and Exploitability

The CVSS base score is 8.2, indicating high severity, but the EPSS score is not available, and it is not listed in the CISA KEV catalog. Based on the description, the attack vector is likely remote via the plugin's web interface and does not require authentication. An attacker can exploit the issue by sending crafted requests to privileged endpoints, gaining unauthorized access and potentially compromising site integrity.

Generated by OpenCVE AI on June 18, 2026 at 14:05 UTC.

Remediation

Vendor Solution

Update the WordPress User Registration Stripe Plugin to the latest available version (at least 1.3.15).


OpenCVE Recommended Actions

  • Upgrade the User Registration Stripe plugin to version 1.3.15 or newer immediately.
  • If an upgrade is not possible, disable or uninstall the plugin entirely to eliminate the risk.
  • After remediation, review all user roles in WordPress and ensure that only administrators have permission to access plugin configuration settings.

Generated by OpenCVE AI on June 18, 2026 at 14:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Themegrill
Themegrill user Registration Stripe
Wordpress
Wordpress wordpress
Vendors & Products Themegrill
Themegrill user Registration Stripe
Wordpress
Wordpress wordpress

Wed, 17 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Description Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
Title WordPress User Registration Stripe plugin <= 1.3.14 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}


Subscriptions

Themegrill User Registration Stripe
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T12:32:36.031Z

Reserved: 2026-04-15T09:19:20.453Z

Link: CVE-2026-40726

cve-icon Vulnrichment

Updated: 2026-06-17T12:32:32.433Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T23:04:17Z

Weaknesses