CVE-2026-3177

Medium CVSS: 5.3

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook events. This makes it possible for unauthenticated attackers to forge payment_intent.succeeded webhook payloads and mark pending donations as completed without a real payment.

Vendor

Product

CWE

CWE-345

Yayın Tarihi

2026-04-07 08:16:11

Güncelleme

2026-04-07 13:20:11

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-345 MEDIUM 2026

Referanslar

https://plugins.trac.wordpress.org/changeset/3485023/charitable https://www.wordfence.com/threat-intel/vulnerabilities/id/bc3b2645-7b57-4884-99c5-e37dbd4a9600?source=cve