PatchSiren cyber security CVE debrief
CVE-2026-42655 WPManageNinja CVE debrief
CVE-2026-42655 is a MEDIUM severity vulnerability found in the Best Payments Plugin for WP, affecting versions up to and including 4.6.19. This vulnerability allows unauthenticated attackers to bypass payment security measures. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 5.9. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
- Vendor
- WPManageNinja
- Product
- Best Payments Plugin for WP
- CVSS
- MEDIUM 5.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of the Best Payments Plugin for WP, especially those using versions up to and including 4.6.19, should be aware of this vulnerability and take necessary actions to secure their installations.
Technical summary
The vulnerability is described as an unauthenticated bypass vulnerability. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N, indicating that it has a high impact on integrity and no impact on confidentiality and availability. The weakness associated with this vulnerability is CWE-472.
Defensive priority
MEDIUM
Recommended defensive actions
- Update the Best Payments Plugin for WP to a version that is not vulnerable (if available).
- Refer to [ref-4] for mitigation or vendor reference.
Evidence notes
The vendor of the product is listed as Unknown Vendor. The canonical source for this vulnerability is reference_domain_weak with low confidence. The evidence for the vendor and product comes from Patchstack.
Official resources
-
CVE-2026-42655 CVE record
CVE.org
-
CVE-2026-42655 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-42655 was published on 2026-06-15T21:16:55.100Z and last modified on 2026-06-15T21:24:32.790Z.