Lucene search
K

34 matches found

CVE
CVE
added 3 days ago8 views

CVE-2026-57340

CVE-2026-57340 describes an Unauthenticated Broken Access Control vulnerability in the WordPress plugin Japanized For WooCommerce versions up to 2.9.12 . The metric indicates a CVSS v3.1 base score of 6.5 (Medium) with attack vector Network , attack complexity Low , privileges required None , use...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-57340

Unauthenticated Broken Access Control in Japanized For WooCommerce = 2.9.12 versions...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References2
NVD
NVD
added 2026/02/27 10:16 a.m.7 views

CVE-2026-1305

The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and including, 2.8.4. This is due to a flawed permission check in the paidywebhookpermissioncheck function that unconditionally returns true when the webhook signature header is omitted...

5.3CVSS0.00407EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.7 views

PT-2026-22329

The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and including, 2.8.4. This is due to a flawed permission check in the paidy webhook permission check function that unconditionally returns true when the webhook signature header is...

5.3CVSS6AI score0.00407EPSS
Exploits0References7
NVD
NVD
added 2026/01/09 5:15 a.m.3 views

CVE-2025-14886

The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the order REST API endpoint in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to mark any WooCommerce order a...

5.3CVSS0.00236EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/09 4:31 a.m.2 views

CVE-2025-14886 Japanized for WooCommerce <= 2.7.17 - Missing Authorization to Unauthenticated Order Status Modification

The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the order REST API endpoint in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to mark any WooCommerce order a...

5.3CVSS5AI score0.00236EPSS
Exploits0References2
CVE
CVE
added 2026/01/09 4:31 a.m.19 views

CVE-2025-14886

CVE-2025-14886 concerns Japanized for WooCommerce for WordPress. It is a data modification vulnerability due to missing capability check on the order REST API endpoint, affecting all versions up to and including 2.7.17. Unauthenticated attackers could mark any WooCommerce order as processed/compl...

5.3CVSS5AI score0.00236EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.3 views

WordPress plugin Japanized for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.6AI score0.00236EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-51796

Malicious code in bioql PyPI...

8.6CVSS8.5AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.6 views

CVE-2023-0942

The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS5.4AI score0.01213EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:10 a.m.9 views

CVE-2023-47698

Missing Authorization vulnerability in shohei.tanaka Japanized For WooCommerce woocommerce-for-japan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Japanized For WooCommerce: from n/a through = 2.6.4...

8.6CVSS7.3AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 3:14 p.m.6 views

CVE-2025-48284

Cross-Site Request Forgery CSRF vulnerability in shohei.tanaka Japanized For WooCommerce woocommerce-for-japan allows Cross Site Request Forgery.This issue affects Japanized For WooCommerce: from n/a through = 2.6.40...

5.4CVSS5.9AI score0.00124EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/19 4:34 p.m.5 views

WordPress Japanized For WooCommerce plugin <= 2.6.40 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by luckybuddy in WordPress Plugin Japanized For WooCommerce versions = 2.6.40...

5.4CVSS6.6AI score0.00124EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/05/19 3:15 p.m.9 views

CVE-2025-48284

Cross-Site Request Forgery CSRF vulnerability in shohei.tanaka Japanized For WooCommerce woocommerce-for-japan allows Cross Site Request Forgery.This issue affects Japanized For WooCommerce: from n/a through = 2.6.40...

5.4CVSS0.00124EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/19 2:45 p.m.4 views

CVE-2025-48284 WordPress Japanized For WooCommerce <= 2.6.40 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in shohei.tanaka Japanized For WooCommerce allows Cross Site Request Forgery. This issue affects Japanized For WooCommerce: from n/a through 2.6.40...

5.4CVSS5.5AI score0.00124EPSS
Exploits0References1
CVE
CVE
added 2025/05/19 2:45 p.m.27 views

CVE-2025-48284

In CVE-2025-48284, the WordPress plugin Japanized For WooCommerce (

5.4CVSS5.9AI score0.00124EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/19 2:45 p.m.16 views

CVE-2025-48284 WordPress Japanized For WooCommerce plugin <= 2.6.40 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in shohei.tanaka Japanized For WooCommerce woocommerce-for-japan allows Cross Site Request Forgery.This issue affects Japanized For WooCommerce: from n/a through = 2.6.40...

5.4CVSS0.00124EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/19 12:0 a.m.6 views

PT-2025-21987 · Woocommerce · Japanized For Woocommerce

Name of the Vulnerable Software and Affected Versions: Japanized For WooCommerce versions 2.6.40 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed on behalf of a user. This issue can be exploited by tricking a user...

5.4CVSS5.4AI score0.00124EPSS
Exploits0References4
NVD
NVD
added 2024/12/09 1:15 p.m.11 views

CVE-2023-47698

Missing Authorization vulnerability in shohei.tanaka Japanized For WooCommerce woocommerce-for-japan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Japanized For WooCommerce: from n/a through = 2.6.4...

8.6CVSS0.00397EPSS
Exploits0References1
Prion
Prion
added 2023/05/08 2:15 p.m.10 views

Cross site scripting

The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...

5.8CVSS6AI score0.0085EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder