Medium severity5.3NVD Advisory· Published Nov 22, 2025· Updated Apr 15, 2026
CVE-2025-12752
CVE-2025-12752
Description
The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to fake payment creation in all versions up to, and including, 1.1.7. This is due to the plugin not properly verifying the authenticity of an IPN request. This makes it possible for unauthenticated attackers to create fake payment entries that have not actually occurred.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=1.1.7
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.