Impact
The WordPress User Registration Stripe plugin versions up to 1.3.14 contain a broken access control flaw that allows unauthenticated users to perform privileged actions. Classified as CWE-862, this vulnerability can enable unauthorized modification of plugin settings, viewing of restricted data, or other operations that should be protected by authentication.
Affected Systems
Affected systems include the ThemeGrill User Registration Stripe plugin for WordPress when installed with any version prior to 1.3.15. The vulnerability is present in all 1.3.14 and earlier releases.
Risk and Exploitability
The CVSS base score is 8.2, indicating high severity, but the EPSS score is not available, and it is not listed in the CISA KEV catalog. Based on the description, the attack vector is likely remote via the plugin's web interface and does not require authentication. An attacker can exploit the issue by sending crafted requests to privileged endpoints, gaining unauthorized access and potentially compromising site integrity.
OpenCVE Enrichment