Charitable Donation Plugin For Wordpress Fundraising With Recurring Donations More

1 CVEs product


CVE-2026-3177 MEDIUM This Month

Unauthenticated attackers can forge Stripe webhook events in the Charitable donation plugin for WordPress up to version 1.8.9.7, allowing them to mark pending donations as completed without processing actual payments. The plugin fails to cryptographically verify incoming webhook payloads, enabling attackers to manipulate donation records and bypass payment validation. This impacts all WordPress sites using affected versions and could result in financial loss for fundraising organizations.

WordPress PHP Authentication Bypass Charitable Donation Plugin For Wordpress Fundraising With Recurring Donations More
NVD VulDB
CVSS 3.1: 5.3
EPSS: 0.0%