Woopayments
Approved changes feed: RSS · Atom
cpe:2.3:a:automattic:woopayments:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Automattic (1dc39c9b-4ddb-5af6-acf4-410b436129a9) |
|---|---|
| Product | Woopayments (f01e9e2a-e0e3-51ab-9707-3cfc1d8037a3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-51503 |
vulnerable | 2026-06-03 14:53:32.344594 |
WordPress WooCommerce Payments Plugin <= 6.6.2 is vulnerable to Insecure Direct Object References (IDOR)
MEDIUM (5.9)
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2.
Published: 2023-12-31T17:59:28.385Z
Updated: 2026-04-28T16:09:03.343Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-49828 |
vulnerable | 2026-06-03 14:53:26.524020 |
WordPress WooCommerce Payments Plugin <= 6.4.2 is vulnerable to Cross Site Scripting (XSS)
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.4.2.
Published: 2023-12-14T14:29:47.110Z
Updated: 2026-04-28T16:08:58.086Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-35916 |
vulnerable | 2026-06-03 14:52:19.248176 |
WordPress WooCommerce Payments Plugin <= 5.9.0 is vulnerable to Insecure Direct Object References (IDOR)
HIGH (7.5)
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.
Published: 2023-12-20T15:12:38.385Z
Updated: 2026-04-28T16:08:30.797Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-35915 |
vulnerable | 2026-06-03 14:52:19.247764 |
WordPress WooCommerce Payments Plugin <= 5.9.0 is vulnerable to SQL Injection
HIGH (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.
Published: 2023-12-20T15:15:38.226Z
Updated: 2026-04-28T16:08:30.797Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-28121 |
vulnerable | 2026-06-03 14:51:08.043330 |
Details available
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
Published: 2023-04-12T00:00:00.000Z
Updated: 2024-08-02T12:30:24.170Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.