WordPress · Forminator · CVE-2026-2729
**Name of the Vulnerable Software and Affected Versions**
Forminator plugin for WordPress versions prior to 1.53.0
**Description**
An authorization bypass exists because the plugin fails to properly verify user authorization when processing Stripe PaymentIntent identifiers in the public payment flow. This allows unauthenticated attackers to submit high-value paid forms as completed by reusing a previously successful low-value Stripe PaymentIntent, leading to payment bypass or underpayment.
**Recommendations**
Update the plugin to a version later than 1.52.0.