Vulnerabilities and security research for subscriptions-for-woocommerce
Mar 29, 2026
Subscriptions for WooCommerce – Subscription Plugin for Collecting Recurring Revenue, Sell Membership Subscription Servic # CVE-2026-24372
- CVE, Research URL
- Date: Mar 25, 2026
- Research Description: Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation. This issue affects Subscriptions for WooCommerce: from n/a through <= 1.8.10.
- Affected versions: max 1.9.0.
- Status: vulnerable
Apr 13, 2026
Subscriptions for WooCommerce – Subscription Plugin for Collecting Recurring Revenue, Sell Membership Subscription Servic # CVE-2026-1926
- CVE, Research URL
- Date: Mar 18, 2026
- Research Description: The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wps_sfw_admin_cancel_susbcription()` function in all versions up to, and including, 1.9.2. This is due to the function being hooked to the `init` action without any authentication or authorization checks, and only performing a non-empty check on the nonce parameter without actually validating it via `wp_verify_nonce()`. This makes it possible for unauthenticated attackers to cancel any active WooCommerce subscription by sending a crafted GET request with an arbitrary nonce value via the `wps_subscription_id` parameter.
- Affected versions: max 1.9.3.
- Status: vulnerable
Jun 29, 2026
Subscriptions for WooCommerce – Subscription Plugin for Collecting Recurring Revenue, Sell Membership Subscription Servic # CVE-2026-56061
- CVE, Research URL
- Date: Jun 26, 2026
- Research Description: Unauthenticated Broken Access Control in Subscriptions for WooCommerce <= 1.9.5 versions.
- Affected versions: max 1.9.6.
- Status: vulnerable