wpvulndb
WPVDB-ID:F8D86B51-E8D2-4419-9A97-202535E20A54
May 06, 2024 - 12:00 a.m.

Contact Form by WPForms – Drag & Drop Form Builder for WordPress < 1.8.8.2 - Unauthenticated Price Manipulation

2024-05-06 00:00:00
wpscan.com
wpforms
wordpress
price manipulation
unauthenticated attackers
stripe payment integration

AI Score: 7 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 20.6%)

Description

The Contact Form by WPForms – Drag & Drop Form Builder for WordPress is vulnerable to price manipulation. This is due to a lack of controls on several product parameters, making it possible for unauthenticated attackers to manipulate prices, product information, and quantities for purchases made via the Stripe payment integration.

| CPE | Name | Operator | Version |
| | | eq | 1.8.8.2 |
