Skip to main content

Best Payments Plugin For Wp

1 CVEs product

Monthly

CVE-2026-42655 MEDIUM This Month

Payment bypass in Best Payments Plugin for WP (versions ≤ 4.6.19) allows unauthenticated remote attackers to circumvent payment verification by manipulating HTTP parameters the plugin incorrectly treats as immutable, enabling completion of purchases without actual payment. Rooted in CWE-472 (External Control of Assumed-Immutable Web Parameter), the flaw directly threatens the financial integrity of any WordPress e-commerce site relying on this plugin for order processing. No public exploit is identified and CVSS AC:H indicates exploitation requires deliberate parameter manipulation during an active payment flow, limiting mass-exploitation risk despite the unauthenticated attack vector.

Authentication Bypass Best Payments Plugin For Wp
NVD
CVSS 3.1
5.9
EPSS
0.2%
EPSS 0% CVSS 5.9
MEDIUM This Month

Payment bypass in Best Payments Plugin for WP (versions ≤ 4.6.19) allows unauthenticated remote attackers to circumvent payment verification by manipulating HTTP parameters the plugin incorrectly treats as immutable, enabling completion of purchases without actual payment. Rooted in CWE-472 (External Control of Assumed-Immutable Web Parameter), the flaw directly threatens the financial integrity of any WordPress e-commerce site relying on this plugin for order processing. No public exploit is identified and CVSS AC:H indicates exploitation requires deliberate parameter manipulation during an active payment flow, limiting mass-exploitation risk despite the unauthenticated attack vector.

Authentication Bypass Best Payments Plugin For Wp
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy