Description
Cross-Site Request Forgery (CSRF) vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery.

This issue affects WPSubscription: from n/a through 1.9.1.
Published: 2026-05-25
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Solution

Update the WordPress WPSubscription Plugin to the latest available version (at least 1.9.2).

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 May 2026 00:45:00 +0000

Type Values Removed Values Added
First Time appeared Convers Lab
Convers Lab wpsubscription
Wordpress
Wordpress wordpress
Vendors & Products Convers Lab
Convers Lab wpsubscription
Wordpress
Wordpress wordpress

Mon, 25 May 2026 22:15:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1.
Title WordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Subscriptions

Convers Lab Wpsubscription
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-26T10:52:17.516Z

Reserved: 2026-01-23T12:31:51.715Z

Link: CVE-2026-24554

cve-icon Vulnrichment

Updated: 2026-05-26T10:52:12.478Z

cve-icon NVD

Status : Deferred

Published: 2026-05-25T22:16:32.763

Modified: 2026-06-17T10:23:14.010

Link: CVE-2026-24554

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T00:30:25Z

Weaknesses