<ul><li>Security researchers discovered a vulnerability in the WPForms WordPress plugin that could allow for Stripe refunds on millions of sites.</li><li>The bug allows users with low-level accounts to issue arbitrary Stripe refunds and cancel subscriptions.</li><li>The developers have released a patch and users are advised to update to the latest version or disable the plugin.</li><li>WPForms is installed on over six million websites, with many still running the vulnerable versions.</li></ul>

Security flaw in top WordPress plugin could allow for Stripe refunds on millions of sites

Discover more