CVE-2026-3309EXPLOITED

properfraction · paid membership plugin, ecommerce, user registration form, login form, user profile & restrict content – profilepress

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields

Description

A vulnerability labeled as critical has been found in properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Plugin up to 4.16.11 on WordPress. Impacted is an unknown function. Such manipulation leads to code injection. This vulnerability is documented as CVE-2026-3309 . The attack can be executed remotely.

Affected Products

Vendor	Product	Versions
properfraction	paid membership plugin, ecommerce, user registration form, login form, user profile & restrict content – profilepress	0

References

Related News (1 articles)

Tier C

VulDB7h ago

CVE-2026-3309 | properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Plugin code injection

→ No new info (linked only)

CVSS 3.16.5 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-94

PublishedApr 4, 2026

Last enriched7h agov2

Trending Score48

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (1)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History