CVE-2026-24554
Description
Cross-Site Request Forgery (CSRF) vulnerability in Convers Lab WPSubscription allows Cross-Site Request Forgery.
This issue affects WPSubscription: from n/a through 1.9.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A Cross-Site Request Forgery (CSRF) vulnerability in the WPSubscription plugin allows attackers to force privileged users into unwanted actions via crafted requests.
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the WPSubscription plugin by Convers Lab, affecting versions from n/a through 1.9.1 [1]. The vulnerability allows an attacker to craft requests that a privileged user's browser then executes without that user's consent.
Exploitation
An attacker can exploit this by tricking a logged-in administrator into clicking a malicious link or visiting a crafted page while authenticated [1]. No special network position is required; user interaction is necessary.
Impact
Successful exploitation enables an attacker to force the victim to perform unwanted actions under their current authentication, such as changing plugin settings or deleting subscription data [1]. This compromises the integrity and availability of the site.
Mitigation
Update the WPSubscription plugin to version 1.9.2 or later [1]. Patchstack users can enable auto-updates for vulnerable plugins. If unable to update, contact your hosting provider for assistance.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: <=1.9.1
Patches
No patches discovered yet.
References