CVE-2026-4058 – User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration

CVE ID :CVE-2026-4058

Published : June 9, 2026, 10:16 a.m. | 19 minutes ago

Description :The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_subscription_cancel() function in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel any user’s subscription pack, including administrators.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-46324 – netfilter: nf_tables: use list_del_rcu for netlink hooks

CVE-2026-46323 – net: gro: don’t merge zcopy skbs

CVE-2026-46322 – tun: free page on build_skb failure in tun_xdp_one()

CVE-2026-46321 – tun: free page on short-frame rejection in tun_xdp_one()