Impact
A flaw in the User Registration Stripe plugin permits unauthenticated users to perform actions that should be reserved for privileged roles. The broken access control allows an attacker to access or modify sensitive plugin settings, potentially exposing data or redirecting payment flows. The vulnerability falls under CWE-862, which indicates improper authorization checks.
Affected Systems
The issue affects installations of the ThemeGrill WordPress User Registration Stripe plugin version 1.3.12 and earlier. Users running these plugin versions on any WordPress site are impacted regardless of the theme or other plugins installed.
Risk and Exploitability
The CVSS score of 8.2 indicates a high severity and the EPSS score is not available, but the lack of a current EPSS does not reduce the risk of exploitation. Because the flaw can be triggered by unauthenticated traffic, an attacker could attempt the exploit from any network location. The vulnerability is not listed in the CISA KEV catalog, yet the high CVSS suggests that email alerts or threat feeds may still flag it for organizations with the plugin installed.
OpenCVE Enrichment