PatchSiren cyber security CVE debrief
CVE-2026-42378 Themeisle CVE debrief
CVE-2026-42378 is a MEDIUM severity vulnerability (CVSS Score: 6.5) in the WP Full Stripe Free plugin for WordPress, affecting versions up to 8.4.1. The vulnerability is related to subscriber broken authentication. The CVE was published on 2026-06-15T21:16:53.863Z and modified on 2026-06-15T21:24:32.790Z.
- Vendor
- Themeisle
- Product
- WP Full Stripe Free
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of WP Full Stripe Free plugin for WordPress, particularly those with subscriber-level access, should be aware of this vulnerability. The vulnerability could potentially allow unauthorized access or actions by exploiting the broken authentication mechanism.
Technical summary
The vulnerability is described as CWE-288, which relates to authentication bypass. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating that the vulnerability can be exploited over the network with low privileges and no user interaction, potentially leading to high confidentiality impacts.
Defensive priority
MEDIUM
Recommended defensive actions
- Update WP Full Stripe Free plugin to a version that fixes this vulnerability.
- Review and monitor subscriber-level access and activities on your WordPress site.
- Consider implementing additional security measures for authentication and access control.
Evidence notes
The vulnerability information was obtained from Patchstack (see resourceLinkAnnotations). The CVE record and details are available from official sources like CVE.org and NVD.
Official resources
-
CVE-2026-42378 CVE record
CVE.org
-
CVE-2026-42378 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-42378 was published on 2026-06-15T21:16:53.863Z and modified on 2026-06-15T21:24:32.790Z.