CVE-2026-12432 Stripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' Parameter

The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 via the wpfsupdatefailedpaymentstatus AJAX action. The handler is registered through both wpajax and wpajaxnopriv hooks and the underlying updatefailedpaymentstatus function...

CVE-2026-42752 WordPress Stripe Payments plugin <= 2.0.98 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...

CVE-2021-47983

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrencycode parameter. Attackers can submit POST requests to /wp-admin/options.php with script...

CVE-2026-45217 WordPress Stripe Payment Gateway for WooCommerce plugin <= 5.0.7 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemeHigh Stripe Payment Gateway for WooCommerce allows Password Recovery Exploitation. This issue affects Stripe Payment Gateway for WooCommerce: from n/a through 5.0.7...

EUVD-2023-56816

Malicious code in bioql PyPI...

CVE-2024-50459

Missing Authorization vulnerability in Hossni Mubarak AidWP wp-stripe-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AidWP: from n/a through = 3.2.3...

CVE-2023-52143

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout.This issue affects WP Stripe Checkout: from n/a through 1.2.2.37...

CVE-2024-50459

Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3...

CVE-2024-50459

Missing Authorization vulnerability in Hossni Mubarak AidWP wp-stripe-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AidWP: from n/a through = 3.2.3...

WordPress WordPress Stripe Donation and Payment Plugin Plugin <= 3.2.3 is vulnerable to Broken Access Control

Software WordPress Stripe Donation and Payment Plugin Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.2.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-50459 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID bb58320243b3 Credits...

WordPress Stripe Payments Plugin <= 2.0.86 is vulnerable to Cross Site Scripting (XSS)

Software Stripe Payments Type Plugin Vulnerable versions = 2.0.86 Fixed in 2.0.87 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7353 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4e25c32d75e3 Credits Arkadiusz Hydzik...

WordPress Stripe Payments Plugin <= 2.0.79 is vulnerable to Content Injection

Software Stripe Payments Type Plugin Vulnerable versions = 2.0.79 Fixed in 2.0.80 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2023-48285 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d526738c5887 Credits Joshua Chan Required privilege...

WordPress Stripe Express Plugin <= 1.12.0 is vulnerable to Cross Site Scripting (XSS)

Software Stripe Express Type Plugin Vulnerable versions = 1.12.0 Fixed in 1.12.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 2d97e8c50280 Credits Rafie Muhammad Patchstack Required...

WordPress WordPress Stripe Donation and Payment Plugin Plugin < 3.2.1 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Stripe Donation and Payment Plugin Type Plugin Vulnerable versions 3.2.1 Fixed in 3.2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3e61589953b1 Credits Rafie...

WordPress Stripe For WooCommerce plugin 3.0.0 – 3.3.9 - Missing Authorization Controls to Financial Account Hijacking vulnerability

Missing Authorization Controls to Financial Account Hijacking vulnerability discovered by Margaux DABERT Intrinsec in WordPress Stripe For WooCommerce plugin versions 3.0.0 – 3.3.9. Solution Update the WordPress Stripe For WooCommerce plugin to the latest available version at least 3.3.10...

WordPress Stripe Payments plugin <= 2.0.39 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability found by Park Won Seok in WordPress Stripe Payments plugin versions = 2.0.39. Solution Update the WordPress Stripe Payments plugin to the latest available version at least 2.0.40...