CVE-2026-4911 | masaakitanaka Booking Package Plugin up to 1.7.06 on WordPress Stripe PaymentIntent API CreditCard.php intentForStripe Amount external control of assumed-immutable web parameter

Inserito da Angelo Barbosa | Apr 28, 2026 | CVE

A vulnerability was found in masaakitanaka Booking Package Plugin up to 1.7.06 on WordPress and classified as problematic. Affected is the function intentForStripe of the file CreditCard.php of the component Stripe PaymentIntent API. Such manipulation of the argument Amount leads to external control of assumed-immutable web parameter.

This vulnerability is referenced as CVE-2026-4911. It is possible to launch the attack remotely. No exploit is available.

CVE-2026-4911 | masaakitanaka Booking Package Plugin up to 1.7.06 on WordPress Stripe PaymentIntent API CreditCard.php intentForStripe Amount external control of assumed-immutable web parameter

Post correlati

CVE-2025-1818 | zj1983 zz up to 2024-8 ZfileAction.upload file unrestricted upload

CVE-2025-21696 | Linux Kernel up to 6.12.10 mm mremap state issue

CVE-2024-56041 | VibeBP Plugin sql injection

CVE-2024-50944 | SimplCommerce 230310c8d7a0408569b292c5a805c459d47a1d8f Shopping Cart AddToCart quantity integer overflow