[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_xGto2EN-VlhC8TBxkOsBp_i71XRym_lrl1bc3zcjbI":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":9,"research_verified":22,"research_rounds_completed":23,"research_plan":9,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":9,"research_started_at":9,"research_completed_at":9,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":22,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":22,"source_links":24},"CVE-2026-2729","forminator-contact-form-payment-form-custom-form-builder-missing-authorization-to-unauthenticated-stripe-paymentintent-r","Forminator – Contact Form, Payment Form & Custom Form Builder \u003C= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse \u002F Underpayment Bypass via 'paymentid' Parameter","The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to perform an action when processing attacker-supplied Stripe PaymentIntent identifiers in the public payment flow. 
This makes it possible for unauthenticated attackers to submit high-value paid forms as completed by reusing a low-value Stripe PaymentIntent that has already succeeded, resulting in underpayment\u002Fpayment bypass conditions.","forminator",null,"\u003C=1.52.0","1.52.1","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Authorization Bypass Through User-Controlled Key","2026-05-04 17:34:23","2026-05-05 06:43:30",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1afb94ab-b3ba-4598-8ff4-f9ffc6717371?source=api-prod",1,[],false,0,{"type":25,"vulnerable_version":26,"fixed_version":9,"vulnerable_browse":27,"vulnerable_zip":28,"fixed_browse":9,"fixed_zip":9,"all_tags":29},"plugin","1.50.3","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fforminator\u002Ftags\u002F1.50.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforminator.1.50.3.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fforminator\u002Ftags"]