CVE-2025-9189: Unauthenticated Payment Bypass in Contact Form 7 PayPal & Stripe Add-on

www.wordfence.com 2026-05-29English translation pending; showing Chinese查看中文 →

Security AdvisoryCVE-2025-9189MediumContact Form 7

Affected:

Contact Form 7 – PayPal & Stripe Add-on <= 2.4.9

Fixed in:

2.4.10

Referenced CVEs: CVE-2026-9189 · 5.3

文章内图片已隐藏以节省流量 · Upgrade to Pro to view images & offline archive

This content was auto-fetched from www.wordfence.com, cleaned by our LLM pipeline, and translated to English. View original.

More from this source

Equalize Digital Accessibility Checker <=1.42.0 Missing Authorization Vulnerability (CVE-2026-9015) 2026-05-30 Frontend Admin <= 3.28.28 Authenticated SQL Injection in 'order' Parameter (CVE-2026-10039) 2026-05-30 WordPress Photo Gallery by 10Web Authenticated SQL Injection via order_by (CVE-2026-7048) 2026-05-29 CVE-2025-14481 Yoast SEO IDOR Sensitive Information Exposure 2026-05-29 CVE-2026-6275: WordPress StatCounter <= 2.1.1 Authenticated Stored XSS 2026-05-29

Offline Archive

Offline screenshot & PDF are Pro-exclusive