Hi @rsb1234,
Thank you for sharing this with us. This vulnerability was patched in version 8.2.6 (released in July), so if you’re running one of the latest versions, you’re protected.
We’ve already reached out to the Wordfence team and the original reporter to clarify why their listing hasn’t been updated to reflect this patch.
Thanks again for bringing it to our attention!
Hi @rsb1234,
We’ve confirmed that the fix was incorrectly flagged as still vulnerable and this issue was fully resolved in version 8.2.6 as mentioned before. The vulnerability is patched, and you’re safe if you’re running the latest versions of the plugin.
For reference, here’s the updated report confirming the patch:
https://patchstack.com/database/wordpress/plugin/wp-full-stripe-free/vulnerability/wordpress-wp-full-stripe-free-plugin-8-3-0-sql-injection-vulnerability
Wordfence’s listing should also be updated shortly once they refresh their data.
Thanks for bringing this to our attention once again.