Charitable Donation Plugin for WordPress Stripe Webhook Data Forgery Vulnerability

Vulnerability

A vulnerability exists in the Charitable Donation Plugin for WordPress, specifically in versions up to and including 1.8.9.7. The issue arises from inadequate verification of data authenticity, as the plugin fails to apply cryptographic validation to incoming Stripe webhook events. This flaw enables unauthenticated attackers to fabricate 'payment_intent.succeeded' webhook payloads, falsely marking pending donations as completed without actual payment.
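
The validation described above as missing can be illustrated with an added example (not the plugin's code and not its patch). Stripe signs each webhook with HMAC-SHA256 over the timestamp, a dot, and the raw request body, and sends the result in the Stripe-Signature header. The function name, secret and event body below are constructed for illustration.

```php
<?php
// Added example: Stripe webhook signature check. Hypothetical helper, not plugin code.
// $secret is the endpoint signing secret (whsec_...) configured for the webhook endpoint.
function verify_stripe_signature(string $payload, string $header, string $secret,
                                 int $tolerance = 300, ?int $now = null): bool
{
    $now = $now ?? time();
    $timestamp = null;   // kept as the exact string from the header
    $candidates = [];

    // Header format: t=<unix time>,v1=<hex hmac>[,v1=<hex hmac>...]
    foreach (explode(',', $header) as $part) {
        $pair = explode('=', trim($part), 2);
        if (count($pair) !== 2) {
            continue;
        }
        if ($pair[0] === 't' && ctype_digit($pair[1])) {
            $timestamp = $pair[1];
        } elseif ($pair[0] === 'v1') {
            $candidates[] = $pair[1];
        }
    }
    if ($timestamp === null || $candidates === []) {
        return false; // missing or malformed header: reject
    }
    // Reject stale events so a captured request cannot be replayed later.
    if (abs($now - (int) $timestamp) > $tolerance) {
        return false;
    }
    // The MAC covers "<t>.<raw body>"; use the raw bytes, never re-encoded JSON.
    $expected = hash_hmac('sha256', $timestamp . '.' . $payload, $secret);
    foreach ($candidates as $sig) {
        if (hash_equals($expected, $sig)) { // constant-time comparison
            return true;
        }
    }
    return false;
}

// Constructed sample values, for demonstration only.
$secret = 'whsec_example_not_a_real_secret';
$body   = '{"id":"evt_constructed","type":"payment_intent.succeeded"}';
$t      = 1700000000;
$signed = 't=' . $t . ',v1=' . hash_hmac('sha256', $t . '.' . $body, $secret);
$forged = 't=' . $t . ',v1=' . str_repeat('0', 64);

var_dump(verify_stripe_signature($body, $signed, $secret, 300, $t + 10));  // correctly signed
var_dump(verify_stripe_signature($body, $forged, $secret, 300, $t + 10));  // wrong MAC
var_dump(verify_stripe_signature($body, $signed, $secret, 300, $t + 900)); // outside tolerance
```

In a handler, the payload must be the unmodified request body (for example read from php://input) and the header value comes from $_SERVER['HTTP_STRIPE_SIGNATURE']. A donation's status should change only after the function returns true.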

Impact

Exploitation of this vulnerability allows for unauthorized manipulation of donation statuses, potentially leading to financial discrepancies by falsely indicating that payments have been received.

Remediation

Users are advised to update the Charitable Donation Plugin for WordPress to version 1.8.10 or a newer patched version.

Added: Apr 7, 2026, 8:52 AM
Updated: Apr 7, 2026, 8:52 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.9
remediation: 0.0
relevance: 5.4
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.