Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in WP Full Stripe Free 1.6.1

  • Severity: medium-risk
  • Status: Fixed
  • Publication: November 8, 2023

The WP Full Stripe Free plugin for WordPress, which is used to accept payments, has a security vulnerability in versions up to and including 1.6.1. This vulnerability could allow unauthenticated attackers to tamper with the plugin’s settings. This is because the plugin does not properly validate some functions in the ~/include/wp-full-stripe-admin-menu.php file, which could be tricked into performing an action, such as clicking on a link, by an attacker.

Detected in:

Accept Payments with Stripe – WP Full Pay for WordPress fixed vulnerable versions:
Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions fixed vulnerable versions:
Stripe Payment forms for WordPress – WP Full Pay fixed vulnerable versions:
Stripe Payment forms for WordPress Plugin – WP Full Pay fixed vulnerable versions:
WP Full Stripe fixed vulnerable versions:
WP Full Stripe Free fixed vulnerable versions: >= * <= 7.0.17

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.