CVE-2026-57364 MEDIUM

CVE-2026-57364: WordPress Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More plugin <= 2.2.0 - Other Vulnerability Type vulnerability

Vendor Wpdeveloper
Product Better Payment – Instant Payments, Donations, Fundraising with Subscriptions &amp; More
Weakness CWE-1284
Published July 13, 2026
Last update July 13, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Improper Validation of Specified Quantity in Input vulnerability in WPDeveloper Better Payment – Instant Payments, Donations, Fundraising with Subscriptions &amp; More better-payment allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Better Payment – Instant Payments, Donations, Fundraising with Subscriptions &amp; More: from n/a through <= 2.2.0.

Explanation of Vulnerability in Simple Terms

02Summary

The Better Payment plugin for WordPress contains a vulnerability that allows attackers to modify data or disrupt service availability. No authentication is required, and the attack can be performed remotely without user interaction. The vulnerability affects all versions up to and including 2.2.0. Site administrators should update to a version newer than 2.2.0 when available.

What an attacker can do

03Attacker Capabilities

Modify payment or donation data, or cause the plugin to become unavailable.

Potential impact on your site

04Site Impact

Payment records or donation data could be altered, or the payment functionality could stop working.

Conditions required to exploit

05Prerequisites

None. The attacker needs only network access to the site.

Key dates

06Disclosure timeline

July 13, 2026 CVE published

Related vulnerabilities

08Related CVE