Vulnerabilities and security researches forwp-full-stripe-free wp-full-stripe-free

Jun 10, 2024

CVE, Research URL: CVE-2023-28934
Home page URL: Security reports for Stripe Payment forms for WordPress Plugin – WP Full Pay
Application: Stripe Payment forms for WordPress Plugin – WP Full Pay
Date: Aug 08, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <= 1.6.1 versions.
Affected versions: max 7.0.6.
Status: vulnerable

CVE, Research URL: CVE-2023-47667
Home page URL: Security reports for Stripe Payment forms for WordPress Plugin – WP Full Pay
Application: Stripe Payment forms for WordPress Plugin – WP Full Pay
Date: Nov 19, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free.This issue affects WP Full Stripe Free: from n/a through 7.0.16.
Affected versions: max 7.0.18.
Status: vulnerable

CVE, Research URL: CVE-2023-46088
Home page URL: Security reports for Stripe Payment forms for WordPress Plugin – WP Full Pay
Application: Stripe Payment forms for WordPress Plugin – WP Full Pay
Date: Oct 26, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <= 1.6.1 versions.
Affected versions: max 7.0.6.
Status: vulnerable

Sep 08, 2025

CVE, Research URL: CVE-2025-58789
Home page URL: Security reports for Stripe Payment forms for WordPress Plugin – WP Full Pay
Application: Stripe Payment forms for WordPress Plugin – WP Full Pay
Date: Sep 05, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle WP Full Stripe Free allows SQL Injection. This issue affects WP Full Stripe Free: from n/a through 8.3.0.
Affected versions: max 8.3.0.
Status: vulnerable

Nov 11, 2025

CVE, Research URL: CVE-2025-9322
Home page URL: Security reports for Stripe Payment forms for WordPress Plugin – WP Full Pay
Application: Stripe Payment forms for WordPress Plugin – WP Full Pay
Date: Oct 25, 2025
Research Description: The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress is vulnerable to SQL Injection via the 'wpfs-form-name' parameter in all versions up to, and including, 8.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 8.3.2.
Status: vulnerable