Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 09 Jun 2026 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-284 |
Tue, 09 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-862 | |
| Metrics |
cvssV3_1
|
Tue, 09 Jun 2026 07:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Wordpress
Wordpress wordpress Wpforms Wpforms wpforms |
|
| Weaknesses | CWE-284 | |
| Vendors & Products |
Wordpress
Wordpress wordpress Wpforms Wpforms wpforms |
Tue, 09 Jun 2026 06:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions. | |
| Title | WPForms Lite < 1.10.0.5 – Unauthenticated PayPal Webhook Forgery | |
| References |
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-06-09T13:15:29.218Z
Reserved: 2026-03-27T12:48:44.088Z
Link: CVE-2026-4986
Updated: 2026-06-09T13:15:18.622Z
Status : Deferred
Published: 2026-06-09T06:16:53.797
Modified: 2026-06-09T14:16:44.693
Link: CVE-2026-4986
No data.
OpenCVE Enrichment
Updated: 2026-06-09T17:45:10Z