On October 23th, 2024, we received a submission for a Missing Authorization to Payment Refund and Subscription Cancellation vulnerability in WPForms, a WordPress plugin with more than 6,000,000 active installations. This vulnerability makes it possible for an authenticated attacker, with subscriber-level access and above, to refund Stripe payments and cancel Stripe subscriptions.
The post 6,000,000 WordPress Sites Protected Against Payment Refund and Subscription Cancellation Vulnerability in WPForms WordPress Plugin appeared first on Wordfence.
This article has been indexed from Blog – Wordfence
Read the original article: