5 matches found
CVE-2026-9284
CVE-2026-9284 affects the WooCommerce PayPal Payments plugin for WordPress (all versions up to and including 4.0.1). The vulnerability stems from missing authorization checks on the WCβAJAX endpoints ppc-create-order and ppc-get-order , allowing unauthorized manipulation of PayPal orders and expo...
CVE-2026-9284
The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the ppc-create-order and ppc-get-order WC-AJAX endpoints in all versions up to, and including, 4.0.1. The ppc-create-order endpoi...
CVE-2025-14156
The Fox LMS β WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.5.1. This is due to the plugin not properly validating the 'role' parameter when creating new users via the /fox-lms/v1/payments/create-order REST API endpoint...
CVE-2025-14156 Fox LMS β WordPress LMS Plugin 1.0.4.7 - 1.0.5.1 - Unauthenticated Privilege Escalation via 'createOrder'
The Fox LMS β WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.5.1. This is due to the plugin not properly validating the 'role' parameter when creating new users via the /fox-lms/v1/payments/create-order REST API endpoint...
CVE-2025-14156
Fox LMS β WordPress LMS Plugin (versions prior to 1.0.5.1) is vulnerable to unauthenticated privilege escalation via the /fox-lms/v1/payments/create-order endpoint, caused by invalid validation of the 'role' parameter. This allows an attacker to create user accounts with arbitrary roles (includin...