EUVD-2026-26782

🗓️ 02 May 2026 11:16:09Reported by EUVDType

Authenticated subscribers can modify Stripe webhook in Paid Memberships Pro, disrupting payments and renewal handling.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2026-4100	2 May 202611:16	–	attackerkb
Circl	CVE-2026-4100	16 May 202611:02	–	circl
CNNVD	WordPress plugin Paid Memberships Pro 安全漏洞	2 May 202600:00	–	cnnvd
CVE	CVE-2026-4100	2 May 202611:16	–	cve
Cvelist	CVE-2026-4100 Paid Memberships Pro <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing Disruption	2 May 202611:16	–	cvelist
NVD	CVE-2026-4100	2 May 202612:16	–	nvd
Patchstack	WordPress Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing Disruption vulnerability	5 May 202616:22	–	patchstack
Positive Technologies	PT-2026-36609	2 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-4100	4 May 202620:21	–	redhatcve
Vulnrichment	CVE-2026-4100 Paid Memberships Pro <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing Disruption	2 May 202611:16	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "90dfaa63-6516-3c8f-89f3-4c6b747daedf",
        "vendor": {
          "name": "strangerstudios"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "f599ab36-a3ae-386b-8bcf-ee0f13b07b81",
        "product": {
          "name": "Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions"
        },
        "product_version": "0 ≤3.6.5"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/5b333a3d-e416-42aa-9722-5406df0a64b3
github	www.github.com/strangerstudios/paid-memberships-pro/pull/3615

02 May 2026 11:16Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.1

EPSS0.00047