9 matches found
CVE-2026-48799
Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...
CVE-2026-48799 Postiz: Unauthenticated arbitrary lifetime PRO grant via Nowpayments webhook
Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...
EUVD-2026-44712
Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...
CVE-2026-48799
CVE-2026-48799 - Postiz : An unauthenticated Nowpayments IPN callback verification flaw allows a low-privilege attacker to read the target subscription ID from the untrusted request body and grant lifetime PRO subscriptions to arbitrary organizations. Root cause: missing IPN authenticity verifica...
CVE-2026-39448
Unauthenticated Broken Access Control in NOWPayments for WooCommerce = 1.4.0 versions...
CVE-2026-39448 WordPress NOWPayments for WooCommerce plugin <= 1.4.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in NOWPayments for WooCommerce = 1.4.0 versions...
CVE-2026-39448
The CVE highlights an Unauthenticated Broken Access Control issue in the WordPress NOWPayments for WooCommerce plugin, affecting versions <= 1.4.0. The vulnerability type is explicitly described as Broken Access Control, with no user interaction required and no privileges granted to attackers....
PT-2026-54983
Unauthenticated Broken Access Control in NOWPayments for WooCommerce = 1.4.0 versions...
WordPress NOWPayments for WooCommerce plugin <= 1.4.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by b4shu206 in WordPress Plugin NOWPayments for WooCommerce versions = 1.4.0...