WordPress Subscriptions & Memberships for PayPal Plugin Unauthenticated Fake Payment Creation Vulnerability

Vulnerability

A vulnerability exists in the Subscriptions & Memberships for PayPal plugin for WordPress, affecting all versions up to and including 1.1.7. The issue arises because the plugin fails to properly verify the authenticity of Instant Payment Notification (IPN) requests. This flaw allows unauthenticated attackers to create fake payment entries that do not reflect actual transactions.
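The check the advisory describes as missing, as an added example written for this page and not code from the plugin: an IPN handler should echo the notification back to PayPal with `cmd=_notify-validate`, accept it only on a `VERIFIED` answer, and then still confirm receiver, status, amount and transaction uniqueness before recording a payment. It assumes the WordPress HTTP API (`wp_remote_post`) is loaded, that `$raw_body` is the untouched POST body (`php://input`), and a hypothetical `smp_example_txn_already_recorded()` helper standing in for the plugin's own payment storage.

```php
<?php
// Added example (not the plugin's code). Verifies a PayPal IPN before it is trusted:
// 1. post the raw body back to PayPal with cmd=_notify-validate and require "VERIFIED";
// 2. check the payment is to our account, Completed, and for the expected amount/currency;
// 3. reject a txn_id that was already recorded (replayed notification).
// Assumes WordPress is loaded. The URL is PayPal's live IPN verification endpoint
// (ipnpb.sandbox.paypal.com for sandbox testing).

function smp_example_verify_ipn( array $post, string $raw_body, string $our_email,
                                 float $expected_amount, string $expected_currency ): array {
    // Step 1: echo the notification back exactly as received. Re-encoding $_POST
    // can change the byte sequence and make PayPal answer INVALID for a genuine IPN.
    $response = wp_remote_post( 'https://ipnpb.paypal.com/cgi-bin/webscr', array(
        'body'        => 'cmd=_notify-validate&' . $raw_body,
        'timeout'     => 30,
        'httpversion' => '1.1',
        'headers'     => array( 'Connection' => 'Close' ),
    ) );
    if ( is_wp_error( $response ) ) {
        return array( false, 'verification request failed: ' . $response->get_error_message() );
    }
    if ( 'VERIFIED' !== trim( wp_remote_retrieve_body( $response ) ) ) {
        return array( false, 'PayPal did not confirm this IPN' ); // forged or tampered request
    }
    // Step 2: a genuine IPN may still be for another account, an unfinished payment,
    // or a different amount than the order it is being matched to.
    if ( strcasecmp( $post['receiver_email'] ?? '', $our_email ) !== 0 ) {
        return array( false, 'receiver_email does not match our account' );
    }
    if ( ( $post['payment_status'] ?? '' ) !== 'Completed' ) {
        return array( false, 'payment not completed: ' . ( $post['payment_status'] ?? 'unknown' ) );
    }
    if ( ( $post['mc_currency'] ?? '' ) !== $expected_currency
        || abs( (float) ( $post['mc_gross'] ?? 0 ) - $expected_amount ) > 0.005 ) {
        return array( false, 'amount or currency does not match the order' );
    }
    // Step 3: one txn_id must create at most one payment entry.
    $txn_id = sanitize_text_field( $post['txn_id'] ?? '' );
    if ( '' === $txn_id || smp_example_txn_already_recorded( $txn_id ) ) {
        return array( false, 'missing or duplicate txn_id' );
    }
    return array( true, $txn_id ); // caller records the payment under this txn_id
}

// Hypothetical helper: a real plugin would query its own payments table instead.
function smp_example_txn_already_recorded( string $txn_id ): bool {
    $seen = (array) get_option( 'smp_example_seen_txn_ids', array() );
    return in_array( $txn_id, $seen, true );
}
```

The handler should only write a payment row when the first element of the returned array is `true`, and should log the reason string otherwise so forged notifications are visible in monitoring.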

Impact

Exploitation of this vulnerability allows an unauthenticated attacker to create fraudulent payment entries on the WordPress site, potentially granting the subscription or membership access those payments are meant to unlock without any real transaction having taken place.

Remediation

Users are advised to update the Subscriptions & Memberships for PayPal plugin to version 1.1.8 or a newer patched version.

Added: Nov 22, 2025, 8:20 AM
Updated: Nov 22, 2025, 8:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 8.1
remediation: 7.7
relevance: 1.1
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.