CVE-2026-4100 | strangerstudios Paid Memberships Pro Plugin up to 3.6.5 on WordPress AJAX authorization

A vulnerability classified as problematic was found in strangerstudios Paid Memberships Pro Plugin up to 3.6.5 on WordPress. The affected element is the function wp_ajax_pmpro_stripe_create_webhook/wp_ajax_pmpro_stripe_delete_webhook/wp_ajax_pmpro_stripe_rebuild_webhook of the component AJAX Handler. Executing a manipulation can lead to missing authorization.

This vulnerability is registered as CVE-2026-4100. It is possible to launch the attack remotely. No exploit is available.

A patch should be applied to remediate this issue.VulDB Recent EntriesRead More