WooCommerce PayPal Payments
by WordPress
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28121 | Cri | 0.74 | 9.8 | 0.87 | Apr 12, 2023 | An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the… | ||
| CVE-2023-35916 | Hig | 0.49 | 7.5 | 0.01 | Dec 20, 2023 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | ||
| CVE-2023-35915 | Hig | 0.49 | 7.6 | 0.01 | Dec 20, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a… | ||
| CVE-2026-9284 | Hig | 0.46 | 8.2 | 0.00 | May 23, 2026 | The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the `ppc-create-order` and `ppc-get-order` WC-AJAX endpoints in all versions up to, and including, 4.0.1. The… | ||
| CVE-2023-51503 | Med | 0.38 | 5.9 | 0.00 | Dec 31, 2023 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2. | ||
| CVE-2023-35917 | Med | 0.28 | 4.3 | 0.00 | Jun 22, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. |
- risk 0.74cvss 9.8epss 0.87
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the…
- risk 0.49cvss 7.5epss 0.01
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.
- risk 0.49cvss 7.6epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a…
- risk 0.46cvss 8.2epss 0.00
The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the `ppc-create-order` and `ppc-get-order` WC-AJAX endpoints in all versions up to, and including, 4.0.1. The…
- risk 0.38cvss 5.9epss 0.00
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions.