WooPayments: Integrated WooCommerce Payments

Vulnerabilities 11Slug woocommerce-paymentsLatest version 10.7.1WordPress.org →

Minimum safe version

10.6.0

Update to 10.6.0 or later to address 11 fixable vulnerabilities

Latest available10.7.1 ✓

N/A

2026-03-31< 10.6.0

WordPress WooCommerce Payments Plugin <= 10.5.1 is vulnerable to Broken Access Control

Patchstack Wordfence CVE

Medium 5.9

2024-12-27< 6.7.0

WordPress WooCommerce Payments Plugin <= 6.6.2 is vulnerable to Insecure Direct Object References (IDOR)

Patchstack CVE Wordfence WPScan

Medium 6.5

2023-12-14< 6.5.0

CVE-2023-49828

CVE Patchstack Wordfence WPScan

N/A

< 4.9.0

WooCommerce Payments < 4.9.0 - Subscription Suspension/Activation via CSRF

WPScan

N/A

< 4.5.1

WooCommerce Payments < 4.5.1 - Intent Parameter Tampering

WPScan

N/A

2022-08-09< 4.5.1

WooCommerce Payments <= 4.5.0 - Payment Bypass

Wordfence

High 7.5

2023-12-20< 5.9.1

CVE-2023-35916

CVE Patchstack Wordfence

High 7.6

2023-12-20< 5.9.1

CVE-2023-35915

CVE Patchstack Wordfence

Critical 9.8

2023-04-12< 5.6.2

CVE-2023-28121

CVE WPScan

N/A

2023-03-23< 5.6.2

WordPress WooCommerce Payments Plugin <= 5.6.1 is vulnerable to Privilege Escalation

Patchstack

N/A

2023-03-23< 5.6.2

WooCommerce Payments 4.8.0 - 5.6.1 Authentication Bypass and Privilege Escalation

Wordfence