Beta Contact us and join the community
Back to feed

CVE-2026-11965

NVDCIRCL

Published Jul 2, 2026 · yesterday

The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users (after self-registering an account through the open registration flow) to obtain an active subscription on any paid plan without paying and access the gated content.

References

Potentially impacted assets

See if this affects your attack surface

Latest trending attack

Criticalyesterday

Path Traversal in Fortinet FortiWeb

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

Take 15 minutes to discover our platform with our experts

PatrowlIntel platform screenshot