49 matches found
EUVD-2026-9018
The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and including, 2.8.4. This is due to a flawed permission check in the paidywebhookpermissioncheck function that unconditionally returns true when the webhook signature header is omitted...
CVE-2026-1305
The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and including, 2.8.4. This is due to a flawed permission check in the paidywebhookpermissioncheck function that unconditionally returns true when the webhook signature header is omitted...
CVE-2026-1305 Japanized for WooCommerce <= 2.8.4 - Missing Authorization to Unauthenticated Paidy Order Manipulation
The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and including, 2.8.4. This is due to a flawed permission check in the paidywebhookpermissioncheck function that unconditionally returns true when the webhook signature header is omitted...
CVE-2026-1305
The CVE-2026-1305 entry concerns the WordPress plugin Japanized for WooCommerce (WooCommerce for Japan) with an authentication bypass vulnerability. The root cause is a flawed paidy_webhook_permission_check that unconditionally returns true when the webhook signature header is omitted, allowing u...
CVE-2026-1305 Japanized for WooCommerce <= 2.8.4 - Missing Authorization to Unauthenticated Paidy Order Manipulation
The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and including, 2.8.4. This is due to a flawed permission check in the paidywebhookpermissioncheck function that unconditionally returns true when the webhook signature header is omitted...
PT-2026-22329
The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and including, 2.8.4. This is due to a flawed permission check in the paidy webhook permission check function that unconditionally returns true when the webhook signature header is...
WordPress Japanized for WooCommerce plugin <= 2.8.4 - Missing Authorization to Unauthenticated Paidy Order Manipulation vulnerability
Missing Authorization to Unauthenticated Paidy Order Manipulation vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin Japanized For WooCommerce versions = 2.8.4...
CVE-2025-14886
The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the order REST API endpoint in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to mark any WooCommerce order a...
CVE-2025-14886
The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the order REST API endpoint in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to mark any WooCommerce order a...
CVE-2025-14886 Japanized for WooCommerce <= 2.7.17 - Missing Authorization to Unauthenticated Order Status Modification
The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the order REST API endpoint in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to mark any WooCommerce order a...
CVE-2025-14886
CVE-2025-14886 concerns Japanized for WooCommerce for WordPress. It is a data modification vulnerability due to missing capability check on the order REST API endpoint, affecting all versions up to and including 2.7.17. Unauthenticated attackers could mark any WooCommerce order as processed/compl...
CVE-2025-14886 Japanized for WooCommerce <= 2.7.17 - Missing Authorization to Unauthenticated Order Status Modification
The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the order REST API endpoint in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to mark any WooCommerce order a...
WordPress plugin Japanized for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress Japanized for WooCommerce plugin <= 2.7.17 - Missing Authorization to Unauthenticated Order Status Modification vulnerability
Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Japanized For WooCommerce versions = 2.7.17...
EUVD-2025-28198
Malicious code in bioql PyPI...
EUVD-2023-51796
Malicious code in bioql PyPI...
CVE-2023-0942
The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2023-47698
Missing Authorization vulnerability in shohei.tanaka Japanized For WooCommerce woocommerce-for-japan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Japanized For WooCommerce: from n/a through = 2.6.4...
CVE-2025-48284
Cross-Site Request Forgery CSRF vulnerability in shohei.tanaka Japanized For WooCommerce woocommerce-for-japan allows Cross Site Request Forgery.This issue affects Japanized For WooCommerce: from n/a through = 2.6.40...
WordPress Japanized For WooCommerce plugin <= 2.6.40 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by luckybuddy in WordPress Plugin Japanized For WooCommerce versions = 2.6.40...