GCVE - cpe:2.3:a:woocommerce:woopayments:_integrated_woocommerce

Approved changes feed: RSS · Atom

cpe:2.3:a:woocommerce:woopayments:_integrated_woocommerce_payments:*:*:*:*:*:*:*:*

part: a version: _integrated_woocommerce_payments update: *

Vendor	Woocommerce (`c7b0e075-8e70-51f0-86a8-e45639512f20`)
Product	Woopayments (`efa9e6e6-e4fd-50ab-9a9a-6b4b0bc7620c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-1710`	vulnerable	2026-06-03 15:14:45.167222	WooPayments <= 10.5.1 - Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajax MEDIUM (6.5) The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_upe_appearance_ajax' function in all versions up to, and including, 10.5.1. This makes it possible for unauthenticated attackers to update plugin settings. Published: 2026-03-31T04:25:32.434Z Updated: 2026-05-12T16:56:37.124Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/cec13225-baa3-4f26-b2d2-af6106888c74?source=cve https://plugins.trac.wordpress.org/browser/woocommerce-payments/tags/10.4.0/includes/class-wc-payment-gateway-wcpay.php#L4125 https://plugins.trac.wordpress.org/changeset/3480315/woocommerce-payments/trunk/includes/class-wc-payment-gateway-wcpay.php https://research.cleantalk.org/cve-2026-1710/	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.