Shoheitanaka Japanized For Woocommerce vulnerabilities
3 known vulnerabilities affecting shoheitanaka/japanized_for_woocommerce.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2023-0942P4MEDIUMCVSS 6.1PoC≤ 2.5.42023-02-21
CVE-2023-0942 [MEDIUM] CWE-79 CVE-2023-0942: The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting v
The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully
nvd
CVE-2026-1305P3MEDIUMCVSS 5.3≤ 2.8.42026-02-27
CVE-2026-1305 [MEDIUM] CWE-287 CVE-2026-1305: The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versi
The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and including, 2.8.4. This is due to a flawed permission check in the `paidy_webhook_permission_check` function that unconditionally returns `true` when the webhook signature header is omitted. This makes it possible for unauthenticated attac
nvd
CVE-2025-14886P4MEDIUMCVSS 5.3≤ 2.7.172026-01-09
CVE-2025-14886 [MEDIUM] CWE-862 CVE-2025-14886: The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of dat
The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `order` REST API endpoint in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to mark any WooCommerce order as processed/completed.
nvd