VYPR

Peachpay For Woocommerce

by WordPress

Source repositories

CVEs (5)

  • CVE-2025-9463MedSep 10, 2025
    risk 0.42cvss 6.5epss 0.00

    The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 1.117.5 due to insufficient escaping on the user…

  • CVE-2024-11362MedNov 23, 2024
    risk 0.40cvss 6.1epss 0.00

    The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,…

  • CVE-2025-14978MedJan 20, 2026
    risk 0.34cvss 5.3epss 0.00

    The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the ConvesioPay webhook REST endpoint in all versions up…

  • CVE-2025-58634MedSep 3, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in peachpay PeachPay Payments peachpay-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PeachPay Payments: from n/a through <= 1.117.4.

  • CVE-2026-9618MedMay 28, 2026
    risk 0.28cvss 4.3epss 0.00

    The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.120.46. This is due to missing or incorrect nonce…