Bleeping Computer

WPForms bug allows Stripe refunds on millions of WordPress sites

A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions. Tracked under ...
Searchenginejournal.com

WPForms Plugin Vulnerability Affects Up To 6 Million Sites

The WPForms plugin for WordPress exposes websites to a vulnerability that allows attackers to update subscriptions and issue refunds. This flaw enables attackers to modify data they normally should ...
heise online

Wordpress: WPForms plug-in tears security hole in 6 million websites

Attackers can abuse a loophole in the Wordpress plug-in WPForms to reverse payments, for example. Six million websites use the plug-in. The Wordpress plug-in WPForms is one of the most popular ...