Volerion logoVolerion
Volerion logoVolerion

User Frontend WordPress Plugin Missing Authorization Vulnerability in Subscription Cancellation

Vulnerability

A vulnerability exists in the User Frontend WordPress plugin, specifically in the AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration version 4.3.2 and earlier. The issue arises from a lack of proper capability checks in the user_subscription_cancel() function, allowing authenticated users with Subscriber-level access and above to cancel any user's subscription pack, including those of administrators.

Impact

Exploitation of this vulnerability allows for unauthorized cancellation of user subscription packs, potentially disrupting user access or services associated with those subscriptions.

Remediation

Users can update to version 4.3.3 or a newer patched version to address this vulnerability.

Added: Jun 9, 2026, 10:26 AM
Updated: Jun 9, 2026, 10:26 AM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
0.6
exploitability
5.9
remediation
0.0
relevance
9.6
threat
3.2
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.