cleantalk
Vulnerabilities and Security Researches

Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net, CVE-2025-14978

CVE, Research URL

CVE-2025-14978

Home page URL

Security reports for Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net

Application

Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net

Published on
Jan 20, 2026
Research Description
The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the ConvesioPay webhook REST endpoint in all versions up to, and including, 1.119.8. This makes it possible for unauthenticated attackers to modify the status of arbitrary WooCommerce orders.
Affected versions
max 1.119.9.
Status
vulnerable
Previous vulnerability researches
Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net (CVE-2025-14978) , Jan 27, 2026
Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net (CVE-2024-11362) , Nov 24, 2024
Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net (CVE-2025-58634) , Sep 05, 2025
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026