Unauthenticated Bypass Vulnerability in Stripe Payments Plugin by WordPress
CVE-2026-42752

6.5MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
15 June 2026

What is CVE-2026-42752?

A security vulnerability has been identified in the Stripe Payments plugin for WordPress, allowing an attacker to bypass authentication requirements. This unauthorized access can lead to potential exploitation, including unauthorized transactions or data exposure. Users are advised to update to the latest version to mitigate associated risks and enhance security.

Affected Version(s)

Stripe Payments <= 2.0.98

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

dodoh4t | Patchstack Bug Bounty Program
.