Tag
high
advisory
Paid Memberships Pro Plugin Vulnerability Allows Unauthorized Stripe Webhook Modification
2 rules 3 TTPs 1 CVEThe Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification of Stripe webhook configurations due to missing capability checks, allowing authenticated attackers with Subscriber-level access to disrupt payment processing.
Paid Memberships Pro plugin
wordpress
stripe
webhook
vulnerability
plugin
2r
3t
1c
critical
advisory
Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud
2 rules 1 TTPA vulnerability in the Stripe webhook handler allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without payment, stemming from an empty StripeWebhookSecret and lack of PaymentMethod validation, enabling cross-gateway exploitation.
Stripe Webhook
stripe
webhook
signature-bypass
quota-fraud
2r
1t