PT-2026-36978 · WordPress · Forminator

Kittipat Jitphonchana · Published 2026-05-05 · Updated 2026-05-05 · CVE-2026-2729

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Forminator plugin for WordPress versions prior to 1.53.0

Description: An authorization bypass exists because the plugin fails to properly verify user authorization when processing Stripe PaymentIntent identifiers in the public payment flow. This allows unauthenticated attackers to submit high-value paid forms as completed by reusing a previously successful low-value Stripe PaymentIntent, leading to payment bypass or underpayment.

Recommendations: Update the plugin to a version later than 1.52.0.
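
The class of server-side check whose absence the description points to, as an added example (not Forminator's code and not its actual fix): a PaymentIntent completes a submission only if it succeeded, was paid for this form, matches the price computed on the server, and has not been used before. The function name, the `form_id` metadata key and all sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Hypothetical names; the 'form_id' metadata key is an assumption.
// $intent   : PaymentIntent fields fetched server-side from Stripe by ID
// $expected : form ID, amount (smallest currency unit) and currency priced server-side
// $consumed : intent IDs that already completed a submission (in production a
//             database table with a unique index, so concurrent replays also fail)
function intent_settles_submission(array $intent, array $expected, array &$consumed): array
{
    $id = (string) ($intent['id'] ?? '');
    if ($id === '') {
        return [false, 'missing_id'];
    }
    if (($intent['status'] ?? '') !== 'succeeded') {
        return [false, 'not_succeeded'];
    }
    if (isset($consumed[$id])) {
        return [false, 'already_consumed'];          // replay of an earlier payment
    }
    if ((string) ($intent['metadata']['form_id'] ?? '') !== (string) $expected['form_id']) {
        return [false, 'wrong_form'];                // paid for a different form
    }
    if (strtolower((string) ($intent['currency'] ?? '')) !== strtolower((string) $expected['currency'])) {
        return [false, 'currency_mismatch'];
    }
    if ((int) ($intent['amount_received'] ?? 0) !== (int) $expected['amount']) {
        return [false, 'amount_mismatch'];           // underpayment
    }
    $consumed[$id] = true;                           // bind the intent to one submission
    return [true, 'ok'];
}

// Constructed sample data (not real Stripe objects or IDs).
$low   = ['id' => 'pi_constructed_low', 'status' => 'succeeded', 'currency' => 'usd',
          'amount_received' => 100, 'metadata' => ['form_id' => '7']];
$under = ['id' => 'pi_constructed_under', 'status' => 'succeeded', 'currency' => 'usd',
          'amount_received' => 100, 'metadata' => ['form_id' => '9']];
$cheap  = ['form_id' => 7, 'amount' => 100,   'currency' => 'USD'];
$costly = ['form_id' => 9, 'amount' => 50000, 'currency' => 'USD'];

$consumed = [];
$cases = [[$low, $cheap], [$low, $costly], [$under, $costly]];
foreach ($cases as [$intent, $expected]) {
    [$ok, $reason] = intent_settles_submission($intent, $expected, $consumed);
    printf("%s -> form %d: %s (%s)\n", $intent['id'], $expected['form_id'], $ok ? 'accept' : 'reject', $reason);
}
```

The first case is accepted; the second is rejected as a reused intent and the third as an underpayment, which are the two outcomes named in the description.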

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2026-2729

Affected Products: Forminator