Skip to main content

Nowpayments For Woocommerce

1 CVEs product

Monthly

CVE-2026-39448 HIGH This Week

Broken access control in the NOWPayments for WooCommerce WordPress plugin (versions <= 1.4.0) allows unauthenticated remote attackers to perform actions or modify state that should be restricted, without any authentication. The flaw stems from a missing authorization check (CWE-862) on a network-reachable endpoint, and per its CVSS 3.1 vector it affects integrity only (I:H) with no confidentiality or availability impact. No public exploit has been identified at time of analysis, though the vulnerability was cataloged by Patchstack, a specialist in WordPress plugin security research.

Authentication Bypass WordPress Nowpayments For Woocommerce
NVD
CVSS 3.1
7.5
EPSS
0.3%
EPSS 0% CVSS 7.5
HIGH This Week

Broken access control in the NOWPayments for WooCommerce WordPress plugin (versions <= 1.4.0) allows unauthenticated remote attackers to perform actions or modify state that should be restricted, without any authentication. The flaw stems from a missing authorization check (CWE-862) on a network-reachable endpoint, and per its CVSS 3.1 vector it affects integrity only (I:H) with no confidentiality or availability impact. No public exploit has been identified at time of analysis, though the vulnerability was cataloged by Patchstack, a specialist in WordPress plugin security research.

Authentication Bypass WordPress Nowpayments For Woocommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy