WordPress · User Registration & Membership · CVE-2025-3281
**Name of the Vulnerable Software and Affected Versions**
User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress versions prior to 4.2.2
**Description**
The issue is an Insecure Direct Object Reference in the `create_stripe_subscription()` function, caused by missing validation on the user-controlled `member_id` key. This allows unauthenticated attackers to delete arbitrary user accounts registered through the plugin.
**Recommendations**
For versions prior to 4.2.2, update to version 4.2.2 or later to resolve the issue.
As a temporary workaround, consider disabling the `create_stripe_subscription()` function until a patch is available.
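
To find installs that still run a version prior to 4.2.2, the following added example (not part of the advisory or the plugin) reads WordPress plugin file headers under a plugins directory and lists matching plugins older than the fixed release. The name prefix used for matching and the sample directory in `demo()` are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 2, 2)  # first fixed release named in the advisory
# Assumption: the plugin's header carries the name used in the advisory.
# Installs that predate a rename may differ; adjust the prefix if needed.
NAME_PREFIX = "User Registration & Membership"
# WordPress reads plugin metadata from "Key: value" lines in the leading
# comment of the main plugin file; only the first 8 KiB are inspected.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)


def read_header(php_file):
    """Return {'plugin name': ..., 'version': ...}; first occurrence wins."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {k.lower(): v.strip() for k, v in reversed(HEADER.findall(head))}


def parse_version(text):
    """Turn '4.2.1' or '4.2' into a comparable tuple of three ints."""
    nums = [int(n) for n in re.findall(r"\d+", text)][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def find_affected(plugins_dir):
    """List (directory, version) for matching plugins older than FIXED."""
    hits = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        meta = read_header(php)
        name, version = meta.get("plugin name", ""), meta.get("version")
        if name.startswith(NAME_PREFIX) and version and parse_version(version) < FIXED:
            hits.append((php.parent.name, version))
    return hits


def demo():
    """Run the check over a constructed plugins directory (sample data)."""
    template = "<?php\n/**\n * Plugin Name: " + NAME_PREFIX + "\n * Version: {}\n */\n"
    with tempfile.TemporaryDirectory() as tmp:
        for slug, ver in (("sample-old", "4.2.1"), ("sample-new", "4.2.2")):
            plugin_dir = Path(tmp, slug)
            plugin_dir.mkdir()
            (plugin_dir / "main.php").write_text(template.format(ver))
        return find_affected(tmp)


if __name__ == "__main__":
    print(demo())
```

On a real host, call `find_affected()` with the site's `wp-content/plugins` path and confirm any hit against the plugin list in the WordPress admin.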