The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, a…

The Paid Memberships Pro plugin for WordPress versions up to 3.6.5 contains a vulnerability that allows unauthorized modification of Stripe webhook configuration. The vulnerability exists due to missing capability checks on AJAX handlers for webhook operations. Authenticated attackers with Subscriber-level access can delete, create, or rebuild Stripe webhooks, potentially disrupting payment processing, subscription renewals, cancellations, and failed payment management. This affects all payment-related functionality for WordPress sites using this plugin with Stripe integration.