CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

automattic

woopayments

5 known vulnerabilities · sorted by CVSS score

CVE-2023-28121

CRITICAL9.8

An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.

automattic / woocommerce_payments+8

Network

Published Apr 12, 2023

CVE-2023-35915

HIGH7.6

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.

automattic / woopayments

Network

Published Dec 20, 2023

CVE-2023-35916

HIGH7.5

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.

automattic / woopayments

Network

Published Dec 20, 2023

CVE-2023-49828

MEDIUM6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.4.2.

automattic / woopayments

Network

Published Dec 14, 2023

CVE-2023-51503

MEDIUM5.9

automattic / woopayments

Network

Published Dec 31, 2023