Impact
The WP Full Stripe Free plugin version 8.4.1 and earlier contains a broken authentication flaw that permits attackers to bypass legitimate user credentials. Classified as CWE-288, this vulnerability enables an adversary to assume subscriber‑or higher‑level privileges, potentially accessing or manipulating subscription data and payment processes.
Affected Systems
The vulnerability affects Themeisle’s WP Full Stripe Free plugin for WordPress, specifically all releases through version 8.4.1.
Risk and Exploitability
The CVSS score of 6.5 indicates moderate severity, while the EPSS score of less than 1% suggests a low probability of current exploitation in the wild. The issue is not listed in the CISA KEV catalog. It is inferred that attackers could trigger the flaw remotely through the plugin’s authentication endpoints, though detailed attack paths are not provided in the description.
OpenCVE Enrichment