Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
PayPal WooCommerce Plugins: Incorrect Access Control Exposes Payment Data
CVE-2026-39643
Summary
Payment plugins for PayPal on WooCommerce stores are vulnerable to unauthorized access due to incorrectly configured security settings. If not addressed, attackers could access sensitive payment information. Update to the latest version of the plugin (2.0.14 or higher) to fix the issue.
Original title
Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This...
Original description
Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Plugins for PayPal WooCommerce: from n/a through <= 2.0.13.
Vulnerability type
CWE-862
Missing Authorization
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026