A vulnerability marked as critical has been reported in awordpresslife Event Monster Plugin up to 2.1.0 on WordPress. This impacts the function capture_payment of the component PayPal API . This manipulation causes insufficient verification of data authenticity. This vulnerability is tracked as CVE-2026-8608 . The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.