Better Payment Instant Payments Donations Fundraising With Subscriptions Amp More
Monthly
Unauthenticated remote exploitation of the Better Payment WordPress plugin (versions through 2.2.0) allows attackers to bypass access control restrictions by submitting improperly validated quantity inputs, enabling unauthorized access to functionality protected by ACLs. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms the plugin's payment and subscription handling endpoints are reachable without credentials, producing both integrity and availability impact. No active exploitation confirmed; no public exploit identified at time of analysis.
Unauthenticated remote exploitation of the Better Payment WordPress plugin (versions through 2.2.0) allows attackers to bypass access control restrictions by submitting improperly validated quantity inputs, enabling unauthorized access to functionality protected by ACLs. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms the plugin's payment and subscription handling endpoints are reachable without credentials, producing both integrity and availability impact. No active exploitation confirmed; no public exploit identified at time of analysis.