    Home /
    Blog /
    wordpress 4.9.10
  

Security Advisory

WordPress 4.9.10 Security: CVE-2023-0275 Vulnerability Guide

    📅 June 07, 2026
    ·⏱ 5 min read
    ·🔒 SiteRecipe Security Team
  

⚠ 7,821 websites still running wordpress 4.9.10 → View full list

Total

Medium

WordPress 4.9.10 is an older version of the popular content management system that powers over 7,800 websites worldwide. While it served many sites well, security vulnerabilities have been discovered that require immediate attention. One critical issue involves the Easy Accept Payments for PayPal plugin, which could expose your website to potential attacks through contributor-level user accounts.

If you're running WordPress 4.9.10, understanding this vulnerability is essential to protecting your website, customer data, and reputation. This guide will walk you through identifying if you're affected and implementing the necessary security fixes.

What is Wordpress 4.9.10?

WordPress 4.9.10 is a mature version of WordPress released several years ago. It's the core platform that helps website owners create and manage content without needing to write code. Think of it as a digital publishing house where you can write posts, upload images, manage pages, and interact with visitors—all through a user-friendly dashboard.

The Easy Accept Payments for PayPal plugin is an add-on tool that allows WordPress websites to accept payments from customers directly through PayPal. It simplifies the payment process for online stores and service providers. However, older versions of this plugin contained a security flaw where certain PayPal payment form details weren't properly protected, potentially allowing lower-level users to inject malicious code into payment pages.

Key Vulnerabilities in Wordpress 4.9.10

1 CVEs found. The most critical are explained below.

MEDIUM CVE-2023-0275 5.4/10 · CVSS v3.1 ⏱ Within 30 days

PayPal Plugin Security Flaw Allows Malicious Code Injection

A security vulnerability exists in the Easy Accept Payments for PayPal plugin version 4.9.10 where certain settings aren't properly checked before being displayed on your website. This allows staff members with contributor access or higher to insert harmful code that affects your visitors.

Impact: Attackers with staff access could inject malicious code that steals customer information, compromises visitor accounts, or redirects customers to fraudulent sites when they view pages with PayPal payment forms.

↗ View on NVD

Is your website running Wordpress 4.9.10?

Scan your site in 30 seconds. Used by 500+ web agencies.

Scan my website — free 📋 See all 7,821 affected sites

How to Check If Your Website Is Affected

1 Log into your WordPress admin dashboard and click 'Plugins' in the left sidebar
2 Look for 'Easy Accept Payments for PayPal' in your installed plugins list and note its version number
3 Check if the version is below 4.9.10—if it is, your site is vulnerable to CVE-2023-0275

How to Fix These Vulnerabilities

1 Log into your WordPress admin panel and navigate to the Plugins section
2 Find 'Easy Accept Payments for PayPal' and click 'Update Now' if an update is available
3 If no update appears, deactivate the plugin by clicking 'Deactivate' beneath its name
4 Consider removing the plugin entirely or finding a more secure alternative payment solution to protect your website

Conclusion

WordPress 4.9.10 contains a real security vulnerability that could compromise your website if left unaddressed. The good news is that fixing this issue is straightforward and takes only minutes. By updating or replacing the vulnerable PayPal plugin, you'll significantly improve your website's security posture and protect both your business and your customers from potential harm.

Don't leave your website vulnerable to attacks. Use SiteRecipe.com's comprehensive vulnerability scanner to identify all security issues on your WordPress site instantly. Our platform scans your entire website, flags vulnerabilities like CVE-2023-0275, and provides step-by-step fix guidance tailored to your specific setup. Visit SiteRecipe.com today and get peace of mind knowing your website is secure.

Frequently Asked Questions

Is WordPress 4.9.10 still safe to use?

WordPress 4.9.10 is outdated and no longer receives security updates from WordPress.org. While it may function, it's vulnerable to multiple security risks including CVE-2023-0275. We strongly recommend upgrading to the latest WordPress version to ensure your site receives regular security patches and protection.

Can a contributor really inject malicious code through this vulnerability?

Yes, this vulnerability allows users with contributor-level access to bypass security protections on PayPal shortcode attributes. A malicious contributor could inject harmful code that executes when customers view payment forms, potentially stealing payment information or redirecting users to phishing sites.

What should I do if I can't update the plugin?

If the plugin doesn't offer updates, remove it immediately and switch to a modern, actively-maintained payment solution. You can also restrict contributor access rights as a temporary measure, but this doesn't fully address the vulnerability. Contact the plugin developer or consider alternative PayPal integration plugins that are regularly updated.

Generate white-label reports for your clients

Web agencies use SiteRecipe to produce branded PDF security reports in 30 seconds.

Free scan Agency plans 📋 7,821 affected sites

DISCLAIMER: This report is based on publicly available CVE data from the National Vulnerability Database (NVD) maintained by NIST. Detection of a technology version does not confirm active exploitation on any specific website. For informational purposes only. SiteRecipe is not responsible for actions taken based on this report. Always consult a qualified security professional.

Source: nvd.nist.gov · Published: June 07, 2026 · SiteRecipe.com