Medium severity 5.3 · NVD Advisory · Published Apr 7, 2026 · Updated Apr 27, 2026
CVE-2026-3177
Description
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook events. This makes it possible for unauthenticated attackers to forge payment_intent.succeeded webhook payloads and mark pending donations as completed without a real payment.
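The missing check, sketched as an added example (not the plugin's code or its patch): Stripe signs each webhook with HMAC-SHA256 over "timestamp.raw_body" using the endpoint's signing secret and sends the result in the Stripe-Signature header as t=...,v1=.... The function names, secret and payload below are constructed for illustration.

```php
<?php
// Added example: verify a Stripe-Signature header before trusting the event.
// Function names, the secret and the payload are constructed, not from the plugin.
function parse_stripe_signature_header(string $header): array
{
    $timestamp = null;
    $signatures = [];
    foreach (explode(',', $header) as $part) {
        $kv = explode('=', trim($part), 2);
        if (count($kv) !== 2) {
            continue;
        }
        if ($kv[0] === 't' && ctype_digit($kv[1])) {
            $timestamp = (int) $kv[1];
        } elseif ($kv[0] === 'v1') {
            $signatures[] = $kv[1]; // several v1 values appear during secret rotation
        }
    }
    return [$timestamp, $signatures];
}

function verify_stripe_webhook(string $rawBody, string $header, string $secret, int $tolerance = 300, ?int $now = null): bool
{
    [$timestamp, $signatures] = parse_stripe_signature_header($header);
    if ($timestamp === null || $signatures === []) {
        return false; // header missing or malformed: reject, never fall through
    }
    if (abs(($now ?? time()) - $timestamp) > $tolerance) {
        return false; // outside the replay window
    }
    // The MAC covers the timestamp and the exact bytes received.
    $expected = hash_hmac('sha256', $timestamp . '.' . $rawBody, $secret);
    foreach ($signatures as $candidate) {
        if (hash_equals($expected, $candidate)) { // constant-time comparison
            return true;
        }
    }
    return false;
}

// Constructed sample: one correctly signed event, one forged, one stale.
$secret = 'whsec_constructed_example';
$body   = '{"type":"payment_intent.succeeded","data":{"object":{"id":"pi_constructed"}}}';
$t      = 1700000000;
$signed = 't=' . $t . ',v1=' . hash_hmac('sha256', $t . '.' . $body, $secret);
$forged = 't=' . $t . ',v1=' . str_repeat('0', 64);
var_dump(verify_stripe_webhook($body, $signed, $secret, 300, $t + 10));   // signed, fresh
var_dump(verify_stripe_webhook($body, $forged, $secret, 300, $t + 10));   // attacker-made MAC
var_dump(verify_stripe_webhook($body, $signed, $secret, 300, $t + 3600)); // signed, replayed late
```

In a real handler the body must be the raw bytes read from php://input, since re-encoding decoded JSON changes the bytes and breaks the HMAC. Stripe's PHP library performs the same check in \Stripe\Webhook::constructEvent().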
Affected products (2)
- vendor/Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More · llm-fuzzy · Range: <=1.8.9.7
Patches
Vulnerability mechanics
References (2)
News mentions (1)
- Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026) · Wordfence Blog · Apr 16, 2026