PT-2026-30800 · Smub · Charitable – Donation Plugin For Wordpress – Fundraising With Recurring Donations & More

Andrés Cruciani

Published

2026-04-07

Updated

2026-04-07

CVE-2026-3177

CVSS v3.1

5.3

Medium

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook events. This makes it possible for unauthenticated attackers to forge payment intent.succeeded webhook payloads and mark pending donations as completed without a real payment.

Fix

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345

Related Identifiers

CVE-2026-3177

Affected Products

Charitable – Donation Plugin For Wordpress – Fundraising With Recurring Donations & More

CVE-2026-3177

Weakness Enumeration

Related Identifiers

Affected Products

References · 4