A vulnerability categorized as critical has been discovered in themeisle Stripe Payment Forms by WP Full Pay Plugin up to 8.4.3 on WordPress. This issue affects the function wpfs_update_failed_payment_status of the file Stripe.js . The manipulation of the argument db results in missing authorization. This vulnerability is identified as CVE-2026-12432 . The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.