PT-2026-29191 · Woocommerce · Woopayments: Integrated Woocommerce Payments
Dmitry Ignatyev
·
Published
2026-03-31
·
Updated
2026-03-31
·
CVE-2026-1710
CVSS v3.1
6.5
Medium
| AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save upe appearance ajax' function in all versions up to, and including, 10.5.1. This makes it possible for unauthenticated attackers to update plugin settings.
Fix
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Woopayments: Integrated Woocommerce Payments