112 matches found
CVE-2026-9284
The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the ppc-create-order and ppc-get-order WC-AJAX endpoints in all versions up to, and including, 4.0.1. The ppc-create-order endpoi...
WordPress WooCommerce PayPal Payments plugin <= 4.0.1 - Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure vulnerability
Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WooCommerce PayPal Payments versions = 4.0.1...
CVE-2026-9284 WooCommerce PayPal Payments <= 4.0.1 - Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure
The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the ppc-create-order and ppc-get-order WC-AJAX endpoints in all versions up to, and including, 4.0.1. The ppc-create-order endpoi...
CVE-2026-9284
CVE-2026-9284 affects the WooCommerce PayPal Payments plugin for WordPress (all versions up to and including 4.0.1). The vulnerability stems from missing authorization checks on the WC‑AJAX endpoints ppc-create-order and ppc-get-order , allowing unauthorized manipulation of PayPal orders and expo...
CVE-2026-9284 WooCommerce PayPal Payments <= 4.0.1 - Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure
The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the ppc-create-order and ppc-get-order WC-AJAX endpoints in all versions up to, and including, 4.0.1. The ppc-create-order endpoi...
EUVD-2026-31524
The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the ppc-create-order and ppc-get-order WC-AJAX endpoints in all versions up to, and including, 4.0.1. The ppc-create-order endpoi...
CVE-2026-9284
The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the ppc-create-order and ppc-get-order WC-AJAX endpoints in all versions up to, and including, 4.0.1. The ppc-create-order endpoi...
WordPress plugin WooCommerce PayPal Payments 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2026-39707
Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contact-form-7-paypal-extension allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept PayPal Payments using Contact Form 7: from n/a through = 4.0.4...
CVE-2026-39707
Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contact-form-7-paypal-extension allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept PayPal Payments using Contact Form 7: from n/a through = 4.0.4...
CVE-2026-39707
CVE-2026-39707 concerns the WordPress plugin “Accept PayPal Payments using Contact Form 7” (versions through 4.0.4). Multiple sources describe a missing authorization / broken access control vulnerability caused by misconfigured access controls that could be exploited to perform actions without p...
CVE-2026-39707 WordPress Accept PayPal Payments using Contact Form 7 plugin <= 4.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contact-form-7-paypal-extension allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept PayPal Payments using Contact Form 7: from n/a through = 4.0.4...
CVE-2026-39707 WordPress Accept PayPal Payments using Contact Form 7 plugin <= 4.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contact-form-7-paypal-extension allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept PayPal Payments using Contact Form 7: from n/a through = 4.0.4...
CVE-2026-39707
Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contact-form-7-paypal-extension allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept PayPal Payments using Contact Form 7: from n/a through = 4.0.4...
PT-2026-31269
Name of the Vulnerable Software and Affected Versions Accept PayPal Payments using Contact Form 7 versions through 4.0.4 Description A missing authorization issue exists in the ZealousWeb Accept PayPal Payments using Contact Form 7 contact-form-7-paypal-extension, allowing exploitation of...
WordPress plugin Accept PayPal Payments using Contact Form 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - SQL Injection vulnerability
WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin = 1.25 - SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Attractive Donations System - Easy Stripe & Paypal donations versions = 1.25...
PT-2026-20378
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process paypal sdk payment' function in all versions up to, and including, 6.0.6.9. This...
CVE-2025-14463
The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...
CVE-2023-25714
Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Paypal Payments: from n/a through 5.7.25...