CVE-2026-12432 | themeisle Stripe Payment Forms by WP Full Pay Plugin up to 8.4.3 on WordPress Stripe.js wpfs_update_failed_payment_status db authorization
A vulnerability categorized as critical has been discovered in themeisle Stripe Payment Forms by WP Full Pay Plugin up to 8.4.3 on WordPress. This issue affects the function wpfs_update_failed_payment_status of the file Stripe.js. The manipulation of the argument db results in missing authorization.
This vulnerability is identified as CVE-2026-12432. The attack can be executed remotely. There is not any exploit available.
It is advisable to upgrade the affected component.VulDB Recent EntriesRead More