CVE-2026-3453: CWE-639 Authorization Bypass Through User-Controlled Key in properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the change_plan_sub_id parameter in the process_checkout() function. The ppress_process_checkout AJAX handler accepts a user-controlled subscription ID intended for plan upgrades, loads the subscription record, and cancels/expires it without verifying the subscription belongs to the requesting user. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel and expire any other user's active subscription via the change_plan_sub_id parameter during checkout, causing immediate loss of paid access for victims.
AI Analysis
Technical Summary
CVE-2026-3453 is an insecure direct object reference vulnerability (CWE-639) in the ProfilePress WordPress plugin affecting all versions up to 4.16.11. The vulnerability arises from missing ownership validation on the change_plan_sub_id parameter in the ppress_process_checkout AJAX handler. This handler accepts a user-controlled subscription ID intended for plan upgrades but fails to verify that the subscription belongs to the requesting user before canceling or expiring it. Consequently, an authenticated attacker with at least Subscriber-level privileges can cancel or expire any other user's active subscription during checkout, causing denial of paid membership access.
Potential Impact
Exploitation allows authenticated users with Subscriber-level or higher privileges to cancel or expire subscriptions belonging to other users. This results in immediate loss of paid membership access for the victims. The vulnerability does not disclose sensitive data but impacts integrity and availability of subscription services. The CVSS v3.1 score is 8.1 (High), reflecting network attack vector, low attack complexity, required privileges, no user interaction, unchanged scope, no confidentiality impact, high integrity and availability impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict Subscriber-level access if possible and monitor for suspicious subscription cancellations. Avoid using vulnerable versions of the ProfilePress plugin. Follow vendor updates closely for an official patch or temporary mitigation instructions.
CVE-2026-3453: CWE-639 Authorization Bypass Through User-Controlled Key in properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
Description
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the change_plan_sub_id parameter in the process_checkout() function. The ppress_process_checkout AJAX handler accepts a user-controlled subscription ID intended for plan upgrades, loads the subscription record, and cancels/expires it without verifying the subscription belongs to the requesting user. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel and expire any other user's active subscription via the change_plan_sub_id parameter during checkout, causing immediate loss of paid access for victims.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-3453 is an insecure direct object reference vulnerability (CWE-639) in the ProfilePress WordPress plugin affecting all versions up to 4.16.11. The vulnerability arises from missing ownership validation on the change_plan_sub_id parameter in the ppress_process_checkout AJAX handler. This handler accepts a user-controlled subscription ID intended for plan upgrades but fails to verify that the subscription belongs to the requesting user before canceling or expiring it. Consequently, an authenticated attacker with at least Subscriber-level privileges can cancel or expire any other user's active subscription during checkout, causing denial of paid membership access.
Potential Impact
Exploitation allows authenticated users with Subscriber-level or higher privileges to cancel or expire subscriptions belonging to other users. This results in immediate loss of paid membership access for the victims. The vulnerability does not disclose sensitive data but impacts integrity and availability of subscription services. The CVSS v3.1 score is 8.1 (High), reflecting network attack vector, low attack complexity, required privileges, no user interaction, unchanged scope, no confidentiality impact, high integrity and availability impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict Subscriber-level access if possible and monitor for suspicious subscription cancellations. Avoid using vulnerable versions of the ProfilePress plugin. Follow vendor updates closely for an official patch or temporary mitigation instructions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-03-02T17:56:22.573Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69b0de292f860ef9430a0afe
Added to database: 3/11/2026, 3:14:49 AM
Last enriched: 4/9/2026, 6:47:24 PM
Last updated: 4/28/2026, 7:23:52 AM
Views: 146
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.