
36 matches found

Patchstack
added 2026/03/31 10:55 a.m. · 2 views

WordPress WooPayments plugin <= 10.5.1 - Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajax vulnerability

Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajax vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WooCommerce Payments versions <= 10.5.1...

CVSS 6.5 · AI score 5.9 · EPSS 0.00083
Exploits: 0 · References: 1 · Affected Software: 1

EUVD
added 2026/03/31 6:31 a.m. · 1 view

EUVD-2026-17315

The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_upe_appearance_ajax' function in all versions up to, and including, 10.5.1. This makes it possible for unauthenticated attackers to...

CVSS 6.5 · AI score 5.9 · EPSS 0.00083
Exploits: 0 · References: 4

NVD
added 2026/03/31 5:16 a.m. · 1 view

CVE-2026-1710

The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_upe_appearance_ajax' function in all versions up to, and including, 10.5.1. This makes it possible for unauthenticated attackers to...

CVSS 6.5 · EPSS 0.00083
Exploits: 0 · References: 4

RedhatCVE
added 2026/01/09 9:28 a.m. · 7 views

CVE-2023-49828

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a throu...

CVSS 6.5 · AI score 6.7 · EPSS 0.00155
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-39906

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.4 · EPSS 0.00146
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-56216

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 8.1 · EPSS 0.00082
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-39907

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 8.2 · EPSS 0.00178
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-53736

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00155
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 4:37 a.m. · 6 views

CVE-2023-35916

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0...

CVSS 7.5 · AI score 7.8 · EPSS 0.00178
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 2:18 a.m. · 4 views

CVE-2023-51503

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2...

CVSS 7.5 · AI score 7.8 · EPSS 0.00082
Exploits: 0 · References: 1

WPVulnDB
added 2024/01/05 12:0 a.m. · 15 views

WooPayments < 6.7.0 - Unauthenticated Order Deletion via IDOR

Description: The plugin does not validate order ownership, which could allow an unauthenticated attacker to delete orders by knowing the order ID and cart hash, i.e. they would have to create a cart that matches the items in the order they are trying to delete. Furthermore, only stores running on lega...

CVSS 7.5 · AI score 7.1 · EPSS 0.00082
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2023/12/31 6:15 p.m. · 1 view

CVE-2023-51503

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

NVD
added 2023/12/31 6:15 p.m. · 7 views

CVE-2023-51503

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2...

CVSS 7.5 · EPSS 0.00082
Exploits: 0 · References: 1

Prion
added 2023/12/31 6:15 p.m. · 16 views

Authorization

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2...

CVSS 5 · AI score 7.1 · EPSS 0.00082
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/12/31 5:59 p.m. · 51 views

CVE-2023-51503

CVE-2023-51503 relates to WooPayments (Automattic Woo) and is described as an unauthenticated Authorization Bypass via a user-controlled key. The vulnerability affects WooPayments up to 6.9.2 and is characterized as an insecure direct object reference, enabling bypass of authorization controls. T...

CVSS 7.5 · AI score 7.8 · EPSS 0.00082
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2023/12/31 12:0 a.m. · 1 view

WordPress Plugin WooPayments Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 7.5 · AI score 6.6 · EPSS 0.00082
Exploits: 0 · References: 2

Positive Technologies
added 2023/12/31 12:0 a.m. · 3 views

PT-2023-31841 · Woo · Woopayments

Name of the Vulnerable Software and Affected Versions: WooPayments – Fully Integrated Solution Built and Supported by Woo versions n/a through 6.9.2 Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This vulnerability affects the WooPayments...

CVSS 7.5 · AI score 7.5 · EPSS 0.00082
Exploits: 0 · References: 7

OpenVAS
added 2023/12/28 12:0 a.m. · 20 views

WordPress WooPayments Plugin < 6.5.0 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:automattic:woopayments"; if description...

CVSS 6.5 · AI score 7 · EPSS 0.00155
Exploits: 0 · References: 1

OpenVAS
added 2023/12/28 12:0 a.m. · 21 views

WordPress WooPayments Plugin < 5.9.1 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:automattic:woopayments"; if description...

CVSS 9.8 · AI score 7 · EPSS 0.00178
Exploits: 0 · References: 2

NVD
added 2023/12/20 4:15 p.m. · 15 views

CVE-2023-35915

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0...

CVSS 9.8 · EPSS 0.00146
Exploits: 0 · References: 1