CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/28 6:45 a.m.•34 views

CVE-2026-9618 PeachPay <= 1.120.46 - Cross-Site Request Forgery to Stripe Unlink

4.3CVSS0.00135EPSS

CVE•added 2026/05/28 6:45 a.m.•17 views

CVE-2026-9618

The CVE-2026-9618 entry concerns the PeachPay for WooCommerce plugin (WordPress) with versions up to and including 1.120.46. Affected component: peachpay_stripe_handle_admin_actions function, where missing/incorrect nonce validation enables Cross-Site Request Forgery. Impact: unauthenticated atta...

EUVD•added 2026/05/28 6:45 a.m.•6 views

EUVD-2026-32731

ATTACKERKB•added 2026/05/28 6:45 a.m.•6 views

CVE-2026-9618

Vulnrichment•added 2026/05/28 6:45 a.m.•7 views

Exploits0References9

CVE-2026-9618 PeachPay <= 1.120.46 - Cross-Site Request Forgery to Stripe Unlink

Positive Technologies•added 2026/05/28 12:0 a.m.•8 views

PT-2026-44210

CNNVD•added 2026/05/28 12:0 a.m.•5 views

Exploits0References9

WordPress plugin PeachPay — Payments & Express Checkout for WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

Patchstack•added 2026/05/27 6:40 p.m.•7 views

WordPress PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) plugin <= 1.120.46 - Cross-Site Request Forgery to Stripe Unlink vulnerability

Cross-Site Request Forgery to Stripe Unlink vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin PeachPay Payments versions = 1.120.46...

4.3CVSS5.8AI score0.00135EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/21 1:32 a.m.•13 views

CVE-2025-14978

The PeachPay — Payments & Express Checkout for WooCommerce supports Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the ConvesioPay webhook REST endpoint in all versions up to, and including,...

NVD•added 2026/01/20 2:15 a.m.•3 views

Exploits0References1

CVE-2025-14978

5.3CVSS0.00219EPSS

ATTACKERKB•added 2026/01/20 1:22 a.m.•5 views

CVE-2025-14978

5.3CVSS5.6AI score0.00219EPSS

Exploits0References3

Cvelist•added 2026/01/20 1:22 a.m.•17 views

CVE-2025-14978 PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) <= 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification

5.3CVSS0.00219EPSS

Vulnrichment•added 2026/01/20 1:22 a.m.•0 views

CVE•added 2026/01/20 1:22 a.m.•16 views

CVE-2025-14978

CVE-2025-14978 : PeachPay — Payments & Express Checkout for WooCommerce (WordPress) is vulnerable to unauthorized data modification due to missing capability checks on the ConvesioPay webhook REST endpoint. The flaw exists in all versions up to and including 1.119.8, enabling unauthenticated atta...

Positive Technologies•added 2026/01/20 12:0 a.m.•2 views

PT-2026-3531

CNNVD•added 2026/01/20 12:0 a.m.•3 views

Exploits0References3

WordPress plugin PeachPay has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.9AI score0.00219EPSS