{"id":79496,"date":"2026-06-09T09:46:53","date_gmt":"2026-06-09T06:16:53","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-4986-wpforms-lite-1-10-0-5-unauthenticated-paypal-webhook-forgery\/"},"modified":"2026-06-09T09:46:53","modified_gmt":"2026-06-09T06:16:53","slug":"cve-2026-4986-wpforms-lite-1-10-0-5-unauthenticated-paypal-webhook-forgery","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-4986-wpforms-lite-1-10-0-5-unauthenticated-paypal-webhook-forgery\/","title":{"rendered":"CVE-2026-4986 &#8211; WPForms Lite &lt; 1.10.0.5 \u2013 Unauthenticated PayPal Webhook Forgery"},"content":{"rendered":"<p>CVE ID :CVE-2026-4986<\/p>\n<p>  Published : June 9, 2026, 6:16 a.m. | 18\u00a0minutes ago<\/p>\n<p>  Description :The WPForms  WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions.<\/p>\n<p>  Severity: 0.0 | NA<\/p>\n<p>  Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID :CVE-2026-4986 Published : June 9, 2026, 6:16 a.m. | 18\u00a0minutes ago Description :The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions. Severity: 0.0 | NA Visit the link &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-79496","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/79496","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=79496"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/79496\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=79496"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=79496"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=79496"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}