CVE-2026-12432 | themeisle Stripe Payment Forms by WP Full Pay Plugin up to 8.4.3 on WordPress Stripe.js wpfs_update_failed_payment_status db authorization

SecurityVulns

A vulnerability categorized as critical has been discovered in themeisle Stripe Payment Forms by WP Full Pay Plugin up to 8.4.3 on WordPress. This issue affects the function wpfs_update_failed_payment_status of the file Stripe.js. The manipulation of the argument db results in missing authorization.

This vulnerability is identified as CVE-2026-12432. The attack can be executed remotely. There is not any exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More