CVE-2026-11855 - Simple Membership < 4.7.5 - Unauthenticated Stored XSS via Stripe Webhook API Version
CVE ID :CVE-2026-11855 Published : July 6, 2026, 8:16 a.m. | 6 hours, 58 minutes ago Description :The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a value taken from them before...