7 matches found

Patchstack
added 2026/05/05 4:22 p.m. | 5 views

WordPress Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing Disruption vulnerability

Missing Authorization to Authenticated Subscriber+ Stripe Webhook Deletion and Payment Processing Disruption vulnerability discovered by Jared Reyes in WordPress Plugin Paid Memberships Pro versions <= 3.6.5...

CVSS 7.1 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2026/05/04 8:21 p.m. | 2 views

CVE-2026-4100

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wpajaxpmprostripecreatewebhook, wpajaxpmprostripedeletewebhook, and...

CVSS 7.1 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 1
Cvelist
added 2026/05/02 11:16 a.m. | 25 views

CVE-2026-4100 Paid Memberships Pro <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing Disruption

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wpajaxpmprostripecreatewebhook, wpajaxpmprostripedeletewebhook, and...

CVSS 7.1 | EPSS 0.00047
Exploits: 0 | References: 2
CVE
added 2026/02/18 5:29 a.m. | 7 views

CVE-2026-1906

CVE-2026-1906 corresponds to a vulnerability in the PDF Invoices & Packing Slips for WooCommerce plugin for WordPress (versions up to and including 5.6.0). It enables Insecure Direct Object Reference through the wpo_ips_edi_save_order_customer_peppol_identifiers AJAX action due to missing capabil...

CVSS 4.3 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 4
Positive Technologies
added 2026/02/11 12:00 a.m. | 3 views

PT-2026-7486

The Pix para Woocommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. This permits any authenticated users, such as subscribers, to clear API credentials and webhook status...

AI score 5.5 | EPSS 0.00013
Exploits: 0 | References: 2
HackRead
added 2020/12/04 8:05 p.m. | 40 views

Ransomware attack disrupts Metro Vancouver’s payment systems

By Deeba Ahmed. The payments systems remained ineffective for three days after the ransomware attack, but payment data is safe, claims TransLink. This is a post from HackRead.com. Read the original post: Ransomware attack disrupts Metro Vancouver’s payment systems...

AI score 7
Exploits: 0
CISA
added 2020/05/21 12:00 a.m. | 15 views

CISA, IRS, USSS, and Treasury Release Joint Alert on Scams Related to Coronavirus Economic Impact Payments

The Cybersecurity and Infrastructure Security Agency (CISA), U.S. Department of the Treasury, Internal Revenue Service (IRS), and United States Secret Service (USSS) have released a Joint Alert with mitigations to help Americans avoid scams related to coronavirus economic impact payments—particularly...

AI score 6.9
Exploits: 0 | References: 2