What the vulnerability does
01Description
Improper Validation of Specified Quantity in Input vulnerability in WPDeveloper Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More better-payment allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More: from n/a through <= 2.2.0.
Explanation of Vulnerability in Simple Terms
02Summary
The Better Payment plugin for WordPress contains a vulnerability that allows attackers to modify data or disrupt service availability. No authentication is required, and the attack can be performed remotely without user interaction. The vulnerability affects all versions up to and including 2.2.0. Site administrators should update to a version newer than 2.2.0 when available.
What an attacker can do
03Attacker Capabilities
Modify payment or donation data, or cause the plugin to become unavailable.
Potential impact on your site
04Site Impact
Payment records or donation data could be altered, or the payment functionality could stop working.
Conditions required to exploit
05Prerequisites
None. The attacker needs only network access to the site.
Key dates
06Disclosure timeline
July 13, 2026
CVE published