CVE-2026-42655 HIGH

CVE-2026-42655: WordPress Best Payments Plugin for WP plugin <= 4.6.19 - Payment Bypass vulnerability

Vendor Wpmanageninja
Product Best Payments Plugin for WP
Weakness CWE-472
Published June 15, 2026
Last update June 15, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP <= 4.6.19 versions.

Explanation of Vulnerability in Simple Terms

02Summary

The Best Payments Plugin for WP versions up to 4.6.19 contain an integrity vulnerability that allows attackers to modify data without authentication. The attack requires specific network conditions and cannot be exploited remotely under normal circumstances. Site administrators should update to a version newer than 4.6.19 to resolve this issue.

What an attacker can do

03Attacker Capabilities

Modify payment or plugin data without authentication.

Potential impact on your site

04Site Impact

Payment records or plugin settings could be altered by an attacker without your knowledge or consent.

Conditions required to exploit

05Prerequisites

Network access and specific attack conditions; no authentication required.

Key dates

06Disclosure timeline

June 15, 2026 CVE published
June 15, 2026 Record updated

Related vulnerabilities

08Related CVE