CVE-2025-12752 – Subscriptions & Memberships for PayPal

CVE ID : CVE-2025-12752

Published : Nov. 22, 2025, 8:15 a.m. | 1 hour, 1 minute ago

Description : The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to fake payment creation in all versions up to, and including, 1.1.7. This is due to the plugin not properly verifying the authenticity of an IPN request. This makes it possible for unauthenticated attackers to create fake payment entries that have not actually occurred.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…