CVE-2026-4986 – WPForms Lite < 1.10.0.5 – Unauthenticated PayPal Webhook Forgery

CVE ID :CVE-2026-4986

Published : June 9, 2026, 6:16 a.m. | 18 minutes ago

Description :The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-5068 – bt: l2cap le coc: remote oob write via seg counter stored in net_buf user_data

CVE-2026-9698 – DBI versions before 1.648 for Perl saved errors in a limited-sized buffer

CVE-2026-44083 – QuMagie

CVE-2026-41986 – ACME File System Logic Bypass Denial of Service