CVE-2026-4949 | properfraction ProfilePress Plugin up to 4.16.12 on WordPress process_checkout change_plan_sub_id authorization

A vulnerability classified as critical has been found in properfraction ProfilePress Plugin up to 4.16.12 on WordPress. The affected element is the function process_checkout. Performing a manipulation of the argument change_plan_sub_id results in missing authorization.

This vulnerability is known as CVE-2026-4949. Remote exploitation of the attack is possible. No exploit is available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More