Vendor

Stripe

3 briefs RSS

Paid Memberships Pro Plugin Vulnerability Allows Unauthorized Stripe Webhook Modification

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification of Stripe webhook configurations due to missing capability checks, allowing authenticated attackers with Subscriber-level access to disrupt payment processing.

Paid Memberships Pro plugin wordpress stripe webhook vulnerability plugin

2r 3t 1c 2d ago

critical advisory

Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud

2 rules 1 TTP

A vulnerability in the Stripe webhook handler allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without payment, stemming from an empty StripeWebhookSecret and lack of PaymentMethod validation, enabling cross-gateway exploitation.

Stripe Webhook stripe webhook signature-bypass quota-fraud

2r 1t 1w ago

high advisory

Otter Blocks Plugin Purchase Verification Bypass Vulnerability (CVE-2026-2892)

3 rules 1 TTP 1 CVE

CVE-2026-2892 is a purchase verification bypass vulnerability in the Otter Blocks plugin for WordPress, affecting versions up to 3.1.4, that allows unauthenticated attackers to access restricted content by forging a cookie used for purchase validation.

Otter Blocks plugin wordpress plugin purchase-bypass CVE-2026-2892 defense-evasion

3r 1t 1c Jun 24, 2024