CVE-2026-1926

The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wps sfw admin cancel susbcription() function in all versions up to, and including, 1.9.2. This is due to the function being hooked to the init action without any authentication or authorization checks, and only performing a non-empty check on the nonce parameter without actually validating it via wp verify nonce(). This makes it possible for unauthenticated attackers to cancel any active WooCommerce subscription by sending a crafted GET request with an arbitrary nonce value via the wps subscription id parameter.