Sensitive Data Exposure in ZealousWeb Accept Stripe Payments Plugin for WordPress
CVE-2025-53309

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Accept Stripe Payments Using Contact Form 7
Vendor: CVE Published:; 27 June 2025

What is CVE-2025-53309?

A vulnerability exists in the ZealousWeb Accept Stripe Payments Using Contact Form 7 plugin that allows the retrieval of embedded sensitive data. This flaw can expose sensitive information to unauthorized users, posing a significant risk to the security of WordPress sites utilizing this plugin. Affected versions range from n/a up to 3.0, making it crucial for website administrators to address this vulnerability promptly.

Affected Version(s)

Accept Stripe Payments Using Contact Form 7 <= 3.0

References

https://patchstack.com/database/wordpress/plugin/accept-s...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 27, 2025
Vulnerability Reserved
Jun 27, 2025

Credit

Martino Spagnuolo (r3verii) (Patchstack Alliance)

JSON