CVE-2026-57659
HighCVSS 8.8Summary
The Paid Memberships Pro - Add Member From Admin plugin version 0.7.2 and earlier is vulnerable to unauthenticated Cross-Site Request Forgery (CSRF). An attacker can exploit this vulnerability to perform unauthorized actions in the context of an administrator without requiring an authenticated session.
Risk Assessment
The risk involves the possibility of an attacker performing unwanted operations on an administrator account, such as adding new members or modifying settings, which could lead to data integrity breaches and system control compromise.
Recommendation
Immediately update the Paid Memberships Pro - Add Member From Admin plugin to a version newer than 0.7.2 that includes a fix for the CSRF vulnerability. Additionally, consider implementing CSRF protection mechanisms such as synchronization tokens.
Original NVD description (English source)
Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions.

