cbcvebase.

Shoheitanaka Japanized For Woocommerce vulnerabilities

3 known vulnerabilities affecting shoheitanaka/japanized_for_woocommerce.

Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2023-0942P4MEDIUMCVSS 6.1PoC≤ 2.5.42023-02-21
CVE-2023-0942 [MEDIUM] CWE-79 CVE-2023-0942: The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting v The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully
nvd
CVE-2026-1305P3MEDIUMCVSS 5.3≤ 2.8.42026-02-27
CVE-2026-1305 [MEDIUM] CWE-287 CVE-2026-1305: The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versi The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Authentication in versions up to, and including, 2.8.4. This is due to a flawed permission check in the `paidy_webhook_permission_check` function that unconditionally returns `true` when the webhook signature header is omitted. This makes it possible for unauthenticated attac
nvd
CVE-2025-14886P4MEDIUMCVSS 5.3≤ 2.7.172026-01-09
CVE-2025-14886 [MEDIUM] CWE-862 CVE-2025-14886: The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of dat The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `order` REST API endpoint in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to mark any WooCommerce order as processed/completed.
nvd
Shoheitanaka Japanized For Woocommerce vulnerabilities | cvebase