What is CVE-2026-1461?

CVE-2026-1461 is a medium-severity vulnerability in Wpinsider-1 Simple Membership, classified under CWE-230. CVSS score: 6.5/10. Published 2026-02-19.

How severe is CVE-2026-1461?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Wpinsider-1 Simple Membership

CVE-2026-1461

The Simple Membership plugin for WordPress is vulnerable to Improper Handling of Missing Values in all versions up to, and including, 4.7.0 via the Stripe webhook handler. This is due to the plugin only validating webhook signatures when t…

EPSS: 0.001 (23.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Wpinsider-1 Simple Membership — versions 0

Weakness classification (CWE)

CWE-230

References

www.wordfence.com/threat-intel/vulnerabilities/id/4e4df9a6-8f7d-428b-a596-0751c…
plugins.trac.wordpress.org/browser/simple-membership/trunk/ipn/swpm-stripe-webh…
plugins.trac.wordpress.org/browser/simple-membership/trunk/classes/class.swpm-w…
plugins.trac.wordpress.org/changeset/3453404/

Frequently asked questions

What is CVE-2026-1461?: CVE-2026-1461 is a medium-severity vulnerability in Wpinsider-1 Simple Membership, classified under CWE-230. CVSS score: 6.5/10. Published 2026-02-19.
How severe is CVE-2026-1461?: Medium severity. CVSS v3 base score is 6.5 out of 10.