Tag

Paypal

1 brief RSS

WooCommerce PayPal Payments Plugin Vulnerable to Order Manipulation and Information Disclosure (CVE-2026-9284)

The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on WC-AJAX endpoints, allowing attackers to manipulate order payment flows and exfiltrate sensitive order details (CVE-2026-9284).

WooCommerce PayPal Payments plugin <= 4.0.1 woocommerce wordpress paypal authorization-bypass information-disclosure

2r 1t 1c 1h ago