Lucene search
K

277 matches found

CVE
CVE
added 2026/01/09 4:31 a.m.20 views

CVE-2025-14886

CVE-2025-14886 concerns Japanized for WooCommerce for WordPress. It is a data modification vulnerability due to missing capability check on the order REST API endpoint, affecting all versions up to and including 2.7.17. Unauthenticated attackers could mark any WooCommerce order as processed/compl...

5.3CVSS5AI score0.00236EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.6 views

PT-2026-1756

Name of the Vulnerable Software and Affected Versions Japanized for WooCommerce versions up to and including 2.7.17 Description The Japanized for WooCommerce plugin for WordPress is susceptible to unauthorized data modification. A missing capability check on the order REST API endpoint allows...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/01/08 10:29 p.m.6 views

WordPress Japanized for WooCommerce plugin <= 2.7.17 - Missing Authorization to Unauthenticated Order Status Modification vulnerability

Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Japanized For WooCommerce versions = 2.7.17...

5.3CVSS6.9AI score0.00236EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/07 12:16 p.m.6 views

CVE-2025-14460

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the...

5.3CVSS0.0036EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/07 11:20 a.m.12 views

WordPress Piraeus Bank WooCommerce Payment Gateway plugin <= 3.1.4 - Missing Authorization to Unauthenticated Arbitrary Order Status Change vulnerability

Missing Authorization to Unauthenticated Arbitrary Order Status Change vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Piraeus Bank WooCommerce Payment Gateway versions = 3.1.4...

5.3CVSS6.8AI score0.0036EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/07 9:21 a.m.18 views

CVE-2025-14460

CVE-2025-14460 affects the Piraeus Bank WooCommerce Payment Gateway for WordPress. The Wordfence entry confirms missing authorization on the payment callback endpoint, allowing unauthenticated attackers to change any order status to “failed” by supplying the MerchantReference (order ID). Versions...

5.3CVSS5.5AI score0.0036EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/07 9:21 a.m.4 views

CVE-2025-14460 Piraeus Bank WooCommerce Payment Gateway <= 3.1.4 - Missing Authorization to Unauthenticated Arbitrary Order Status Change

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the...

5.3CVSS5.5AI score0.0036EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/07 9:21 a.m.28 views

CVE-2025-14460 Piraeus Bank WooCommerce Payment Gateway <= 3.1.4 - Missing Authorization to Unauthenticated Arbitrary Order Status Change

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the...

5.3CVSS0.0036EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.4 views

PT-2026-1636

Name of the Vulnerable Software and Affected Versions Piraeus Bank WooCommerce Payment Gateway plugin for WordPress versions through 3.1.4 Description The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is susceptible to unauthorized modification of order statuses. This is a result ...

5.3CVSS6.4AI score0.0036EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.4 views

WordPress plugin Piraeus Bank WooCommerce Payment Gateway 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPre...

5.3CVSS6.6AI score0.0036EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Cost Calculator Builder plugin <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status Functions vulnerability

Authenticated Subscriber+ Missing Authorization via getccorders/updateorderstatus Functions vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Cost Calculator Builder versions = 3.5.32...

8.1CVSS5.5AI score0.00286EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/16 4:31 a.m.5 views

EUVD-2025-203497

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders...

5.3CVSS4.8AI score0.00917EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/16 4:31 a.m.35 views

CVE-2025-13956 LearnPress – WordPress LMS Plugin <= 4.3.1 - Missing Authorization to Unauthenticated Orders Statistics Exposure

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders...

5.3CVSS0.00917EPSS
Exploits0References2
CVE
CVE
added 2025/12/16 4:31 a.m.29 views

CVE-2025-13956

The connected Wordfence vulnerability entry confirms CVE-2025-13956 for LearnPress – WordPress LMS Plugin, affecting all versions up to 4.3.1. It permits unauthenticated actors to view orders statistics (e.g., total revenue summaries and order status counts) due to a missing capability check in t...

5.3CVSS4.9AI score0.00917EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/07 6:5 a.m.14 views

CVE-2025-13666

The Helloprint plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.2. This is due to the plugin registering a public REST API endpoint without implementing authorization checks to verify request authenticity. This makes it possible for unauthenticated...

5.3CVSS6AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/06 6:58 a.m.14 views

CVE-2025-12355

The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxnoprivupdateorderstatus' AJAX endpoint in all versions up to, and including, 0.3.8. This makes it possible for unauthenticated attackers to update order statuses...

5.3CVSS5.4AI score0.00196EPSS
Exploits0References1
NVD
NVD
added 2025/12/06 6:15 a.m.9 views

CVE-2025-13666

The Helloprint plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.2. This is due to the plugin registering a public REST API endpoint without implementing authorization checks to verify request authenticity. This makes it possible for unauthenticated...

5.3CVSS0.00236EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/06 5:49 a.m.25 views

CVE-2025-13666 Helloprint <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Modification

The Helloprint plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.2. This is due to the plugin registering a public REST API endpoint without implementing authorization checks to verify request authenticity. This makes it possible for unauthenticated...

5.3CVSS0.00236EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/06 5:49 a.m.2 views

CVE-2025-13666 Helloprint <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Modification

The Helloprint plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.2. This is due to the plugin registering a public REST API endpoint without implementing authorization checks to verify request authenticity. This makes it possible for unauthenticated...

5.3CVSS5.7AI score0.00236EPSS
Exploits0References3
CVE
CVE
added 2025/12/06 5:49 a.m.24 views

CVE-2025-13666

CVE-2025-13666 refers to the Helloprint WordPress plugin (WordPress Helloprint plugin) with vulnerability in versions up to and including 2.1.2. The issue is Missing Authorization due to a publicly registered REST API endpoint that does not verify request authenticity, enabling unauthenticated ac...

5.3CVSS5.7AI score0.00236EPSS
Exploits0References3
Rows per page
Query Builder