Impact
An unauthenticated bypass vulnerability exists in the WordPress Stripe Payments plugin versions up to and including 2.0.98. The flaw allows an attacker to bypass intended access controls, enabling them to perform actions normally restricted to authenticated users. The weakness is categorized as CWE-440, indicating an omission of output restrictions that can be exploited to compromise authorization logic, potentially leading to unauthorized payments or data manipulation.
Affected Systems
The vulnerability affects the WordPress Stripe Payments plugin (Team Tips and Tricks HQ:Stripe Payments) at versions 2.0.98 and earlier. No additional product or vendor variants are listed.
Risk and Exploitability
The CVSS score is 6.5, reflecting a moderate severity impact. The EPSS score is below 1%, indicating a very low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote, unauthenticated, exploiting the plugin's access control logic to trigger unauthorized actions.
OpenCVE Enrichment