CVE-2026-3453
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...