PT-2025-47825 · WordPress · Subscriptions & Memberships For Paypal
Published
2025-11-22
·
Updated
2025-11-22
·
CVE-2025-12752
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Subscriptions & Memberships for PayPal plugin for WordPress versions up to and including 1.1.7
Description
The Subscriptions & Memberships for PayPal plugin for WordPress is susceptible to the creation of fake payments. This occurs because the plugin does not adequately verify the authenticity of an IPN (Internet Payment Notification) request, allowing unauthenticated attackers to create false payment entries without a legitimate transaction taking place.
Recommendations
Update the Subscriptions & Memberships for PayPal plugin for WordPress to a version later than 1.1.7.
Fix
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Subscriptions & Memberships For Paypal