CVE-2026-34886

Simple Membership <= 4.7.1 - Missing Authorization

Missing Authorization
Severity: medium
CVSS Score: 5.3
Patched in: 4.7.2
Time to patch: 10d

Description

The Simple Membership plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.7.1. This makes it possible for unauthenticated attackers to perform an unauthorized action.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None

Technical Details

Affected versions: <= 4.7.1
Published: March 31, 2026
Last updated: April 9, 2026
Affected plugin: simple-membership

What Changed in the Fix

Changes introduced in v4.7.2


Source Code

WordPress.org SVN
Research Plan
Unverified

# Exploitation Research Plan: CVE-2026-34886 - Simple Membership Missing Authorization

## 1. Vulnerability Summary
The Simple Membership plugin (versions <= 4.7.1) contains a missing authorization vulnerability in the handling of payment settings. The function `SWPM_Payment_Settings_Menu_Tab::handle_payment_settings_menu_tab` (located in `classes/admin-includes/class.swpm-payment-settings-menu-tab.php`) was intended to be an admin-only management function. However, in vulnerable versions, the capability check `SwpmMiscUtils::check_user_permission_and_is_admin` was either missing or placed in a code path that could be bypassed. This allows unauthenticated attackers to trigger actions within this function, such as disconnecting PayPal accounts or modifying plugin settings, provided they can bypass or obtain the required nonces.
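The following is an added illustration of the vulnerability class described above; it is not code from the Simple Membership plugin and does not reproduce the patched function. It models a hypothetical WordPress admin handler in the shape the summary describes (a state-changing action driven by a request parameter) first without any authorization gate, then hardened with a capability check followed by a nonce check, using only standard WordPress APIs. The plugin, function, option and request-parameter names (`myplugin_*`) are assumptions made for this example.

```php
<?php
/**
 * Added illustration, not Simple Membership's code. Names prefixed with
 * "myplugin_" are assumptions made for this example.
 */

// --- Vulnerable pattern ---------------------------------------------------
// Acts on a request parameter without establishing who is asking. Note that
// the admin_init hook also fires for requests to wp-admin/admin-ajax.php,
// which unauthenticated visitors can reach, so hooking into the admin side
// does not by itself restrict who can trigger this code path.
function myplugin_handle_gateway_settings_vulnerable() {
    if ( isset( $_GET['myplugin_disconnect_gateway'] ) ) {
        // Sensitive side effect: drops the stored payment-gateway credentials.
        delete_option( 'myplugin_gateway_credentials' );
        add_settings_error( 'myplugin', 'disconnected', 'Gateway disconnected.', 'updated' );
    }
}

// --- Hardened pattern -----------------------------------------------------
// Two independent gates, in this order:
//   1. Capability check: authorization. Only users who may manage the site
//      get past this line, regardless of what the request contains.
//   2. Nonce check: request integrity. The token is bound to this action and
//      to the current user's session, which defeats CSRF against an admin.
// A nonce on its own is not authorization: it only shows the request came
// from a page WordPress rendered for that user, so it must never replace
// the capability check.
function myplugin_handle_gateway_settings_hardened() {
    if ( ! isset( $_GET['myplugin_disconnect_gateway'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(
            esc_html__( 'You are not allowed to change gateway settings.', 'myplugin' ),
            '',
            array( 'response' => 403 )
        );
    }
    // Verifies $_REQUEST['_wpnonce'] against the action name; terminates on failure.
    check_admin_referer( 'myplugin_disconnect_gateway' );

    delete_option( 'myplugin_gateway_credentials' );
    add_settings_error( 'myplugin', 'disconnected', 'Gateway disconnected.', 'updated' );
}

// The link that triggers the hardened handler must carry the matching nonce;
// wp_nonce_url() appends the _wpnonce query argument for the given action.
function myplugin_disconnect_link() {
    $url = add_query_arg(
        'myplugin_disconnect_gateway',
        '1',
        admin_url( 'admin.php?page=myplugin-settings' )
    );
    return wp_nonce_url( $url, 'myplugin_disconnect_gateway' );
}

add_action( 'admin_init', 'myplugin_handle_gateway_settings_hardened' );
```

When reviewing a plugin for this class of bug, the question to ask of every handler that writes options, deletes data or talks to a payment provider is whether a `current_user_can()` (or equivalent) check sits before the side effect on every reachable path, not only on the path the settings page happens to use.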

## 2. Attack Vector Analysis
*   **Endpoint**: `wp-admin/admin-ajax.php` or any front-end page (via `wp_loaded` or `init` hooks).
*   **Vulnerable Action**: The function `handle_payment_settings_menu_tab` processes several `$_GET` and `$_POST` parameters.
*   **Target Parameters**:
    *   `swpm_ppcp_disconnect_production`: Disconnects the live PayPal account.
    *   `swpm_ppcp_disconnect_sandbox`: Disconnects the sandbox PayPal account.
