{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T13:53:11.189","vulnerabilities":[{"cve":{"id":"CVE-2025-14978","sourceIdentifier":"security@wordfence.com","published":"2026-01-20T02:15:45.873","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the ConvesioPay webhook REST endpoint in all versions up to, and including, 1.119.8. This makes it possible for unauthenticated attackers to modify the status of arbitrary WooCommerce orders."},{"lang":"es","value":"El plugin PeachPay — Payments &amp; Express Checkout para WooCommerce (compatible con Stripe, PayPal, Square, Authorize.net) para WordPress es vulnerable a la modificación no autorizada de datos debido a la falta de controles de capacidad en el endpoint REST del webhook de ConvesioPay en todas las versiones hasta la 1.119.8, inclusive. Esto posibilita que atacantes no autenticados modifiquen el estado de órdenes arbitrarias de WooCommerce."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/peachpay-for-woocommerce/tags/1.119.5/core/payments/convesiopay/routes/class-peachpay-convesiopay-webhook.php#L33","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5480a151-3e3a-46ba-9712-6c61fba06812?source=cve","source":"security@wordfence.com"}]}}]}