Lucene search
K

9 matches found

NVD
NVD
added 4 hours ago4 views

CVE-2026-48799

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS0.00022EPSS
Exploits0References4
Cvelist
Cvelist
added 6 hours ago3 views

CVE-2026-48799 Postiz: Unauthenticated arbitrary lifetime PRO grant via Nowpayments webhook

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS0.00022EPSS
Exploits0References4
EUVD
EUVD
added 6 hours ago3 views

EUVD-2026-44712

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS6.2AI score0.00022EPSS
Exploits0References4
CVE
CVE
added 6 hours ago5 views

CVE-2026-48799

CVE-2026-48799 - Postiz : An unauthenticated Nowpayments IPN callback verification flaw allows a low-privilege attacker to read the target subscription ID from the untrusted request body and grant lifetime PRO subscriptions to arbitrary organizations. Root cause: missing IPN authenticity verifica...

7.7CVSS6.2AI score0.00022EPSS
Exploits0References4
NVD
NVD
added 2026/07/02 12:17 p.m.4 views

CVE-2026-39448

Unauthenticated Broken Access Control in NOWPayments for WooCommerce = 1.4.0 versions...

7.5CVSS0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.35 views

CVE-2026-39448 WordPress NOWPayments for WooCommerce plugin <= 1.4.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in NOWPayments for WooCommerce = 1.4.0 versions...

7.5CVSS0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.12 views

CVE-2026-39448

The CVE highlights an Unauthenticated Broken Access Control issue in the WordPress NOWPayments for WooCommerce plugin, affecting versions &lt;= 1.4.0. The vulnerability type is explicitly described as Broken Access Control, with no user interaction required and no privileges granted to attackers....

7.5CVSS5.8AI score0.00263EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.13 views

PT-2026-54983

Unauthenticated Broken Access Control in NOWPayments for WooCommerce = 1.4.0 versions...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/29 2:14 p.m.8 views

WordPress NOWPayments for WooCommerce plugin <= 1.4.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by b4shu206 in WordPress Plugin NOWPayments for WooCommerce versions = 1.4.0...

7.5CVSS5.8AI score0.00263EPSS
Exploits0Affected Software1
Rows per page
Query Builder