CVE-2026-9284

NVD data not available for this CVE. It may be pending analysis or not yet published.

Related Intelligence (1)

NVD HIGH: CVE-2026-9284 — The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthoriz...

The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the `ppc-create-order` and `ppc-get-order` WC-AJAX endpoints in all versions up to, and including, 4.0.1. The `ppc-create-order` endpoint accepts an arbitrary WooCommerce order ID in the `pay-now` context without validating order ow

CVE-2026-9284

May 23, 2026NIST NVD