CVE Catalog

CVE-2026-42378

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

31th percentile - higher than 31% of all known CVEs

Summary

There is a broken authentication issue in WP Full Stripe Free versions up to 8.4.1, which may lead to unauthorized access to user accounts.

Risk Assessment

The organization may be exposed to unauthorized user actions, potentially resulting in data loss or privacy breaches.

Recommendation

It is recommended to update the WP Full Stripe Free plugin to the latest version to mitigate this vulnerability.

Original NVD description (English source)

Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS