CVE-2026-1305

🗓️ 27 Feb 2026 09:23:43Reported by AttackerKBType

Japanized for WooCommerce up to 2.8.4 allows unauthenticated webhook requests to mark orders as Processing or Completed when signature header is omitted.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2026-1305	27 Feb 202613:33	–	circl
CNNVD	WordPress plugin Japanized for WooCommerce 授权问题漏洞	27 Feb 202600:00	–	cnnvd
CVE	CVE-2026-1305	27 Feb 202609:23	–	cve
Cvelist	CVE-2026-1305 Japanized for WooCommerce <= 2.8.4 - Missing Authorization to Unauthenticated Paidy Order Manipulation	27 Feb 202609:23	–	cvelist
EUVD	EUVD-2026-9018	27 Feb 202612:31	–	euvd
NVD	CVE-2026-1305	27 Feb 202610:16	–	nvd
Patchstack	WordPress Japanized for WooCommerce plugin <= 2.8.4 - Missing Authorization to Unauthenticated Paidy Order Manipulation vulnerability	26 Feb 202623:55	–	patchstack
Positive Technologies	PT-2026-22329	27 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-1305	28 Feb 202614:00	–	redhatcve
Vulnrichment	CVE-2026-1305 Japanized for WooCommerce <= 2.8.4 - Missing Authorization to Unauthenticated Paidy Order Manipulation	27 Feb 202609:23	–	vulnrichment

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/woocommerce-for-japan/tags/2.8.2/includes/gateways/paidy/class-wc-paidy-endpoint.php
plugins	www.plugins.trac.wordpress.org/browser/woocommerce-for-japan/trunk/includes/gateways/paidy/class-wc-paidy-endpoint.php
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
plugins	www.plugins.trac.wordpress.org/browser/woocommerce-for-japan/trunk/includes/gateways/paidy/class-wc-paidy-endpoint.php
plugins	www.plugins.trac.wordpress.org/browser/woocommerce-for-japan/tags/2.8.2/includes/gateways/paidy/class-wc-paidy-endpoint.php
plugins	www.plugins.trac.wordpress.org/changeset/3464868/woocommerce-for-japan/trunk/includes/gateways/paidy/class-wc-paidy-endpoint.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/8cef4b2b-ae8d-4e18-b763-6960a0b944f7

27 Feb 2026 10:30Current

6Medium risk

Vulners AI Score6

CVSS 3.15.3

EPSS0.0046