Skip to main content

Better Payment Instant Payments Donations Fundraising With Subscriptions Amp More

1 CVEs product

Monthly

CVE-2026-57364 MEDIUM This Month

Unauthenticated remote exploitation of the Better Payment WordPress plugin (versions through 2.2.0) allows attackers to bypass access control restrictions by submitting improperly validated quantity inputs, enabling unauthorized access to functionality protected by ACLs. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms the plugin's payment and subscription handling endpoints are reachable without credentials, producing both integrity and availability impact. No active exploitation confirmed; no public exploit identified at time of analysis.

Information Disclosure Better Payment Instant Payments Donations Fundraising With Subscriptions Amp More
NVD
CVSS 3.1
6.5
EPSS
0.4%
EPSS 0% CVSS 6.5
MEDIUM This Month

Unauthenticated remote exploitation of the Better Payment WordPress plugin (versions through 2.2.0) allows attackers to bypass access control restrictions by submitting improperly validated quantity inputs, enabling unauthorized access to functionality protected by ACLs. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms the plugin's payment and subscription handling endpoints are reachable without credentials, producing both integrity and availability impact. No active exploitation confirmed; no public exploit identified at time of analysis.

Information Disclosure Better Payment Instant Payments Donations Fundraising With Subscriptions Amp More
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy