PT-2025-43728 · WordPress · Stripe Payment Forms By Wp Full Pay – Accept Credit Card Payments

Michael Mazzolini · Published 2025-10-25 · Updated 2025-10-31 · CVE-2025-9322

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress versions up to and including 8.3.1

Description

The Stripe Payment Forms plugin for WordPress is susceptible to SQL Injection due to inadequate input validation and query preparation. Specifically, the wpfs-form-name parameter is not properly sanitized, allowing attackers to inject malicious SQL code. This could enable unauthorized access to sensitive database information.

Recommendations

Update the Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin to a version later than 8.3.1.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-9322

Affected Products

Stripe Payment Forms By Wp Full Pay – Accept Credit Card Payments