The Paid Memberships Pro plugin for WordPress versions up to 3.6.5 contains a vulnerability that allows unauthorized modification of Stripe webhook configuration. The vulnerability exists due to missing capability checks on AJAX handlers for webhook operations. Authenticated attackers with Subscriber-level access can delete, create, or rebuild Stripe webhooks, potentially disrupting payment processing, subscription renewals, cancellations, and failed payment management. This affects all payment-related functionality for WordPress sites using this plugin with Stripe integration.