Impact
The identified flaw allows an unauthenticated attacker to bypass payment authorization and trigger transactions without proper validation. As a result, the attacker could process fraudulent payments, diverting funds and causing financial loss. This weakness maps to CWE‑472, a lack of integrity checks in the payment workflow.
Affected Systems
The vulnerability exists in WPManageNinja’s Best Payments Plugin for WP for all releases up to and including version 4.6.19. The vendor recommends upgrading to version 4.6.20 or later to address the bypass. Administrators should review installations of this plugin to confirm the affected version is in use.
Risk and Exploitability
The CVSS score of 7.5 indicates high severity with potential impact on confidentiality, integrity, and availability of the payment system. The EPSS score being below 1 % suggests current exploitation likelihood is low, and the issue is not listed in CISA’s KEV catalog. Nonetheless, the unauthenticated nature of the vulnerability implies that an attacker could submit crafted requests to the payment endpoint, likely over the web, to exploit the bypass without any credentials. Early mitigation is therefore advised.
OpenCVE Enrichment