Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

peachpay — Vulnerabilities & Security Advisories 5

Browse all 5 CVE security advisories affecting peachpay. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PeachPay operates as a payment processing platform facilitating e-commerce transactions. Historically, the system has been susceptible to multiple remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, with five CVEs documented. These weaknesses often stem from improper input validation and insecure deserialization. The platform's security posture has been further complicated by privilege escalation flaws that could allow unauthorized access to administrative functions. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in payment-related components suggests potential risks for merchants and customers relying on the service.

Top products by peachpay: PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) Related Products for WooCommerce PeachPay Payments
CVE IDTitleCVSSSeverityPublished
CVE-2025-14978 PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) <= 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification — PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI)CWE-862 5.3 Medium2026-01-20
CVE-2025-9463 Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.117.5 - Authenticated (Contributor+) SQL Injection via order_by Parameter — PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI)CWE-89 6.5 Medium2025-09-10
CVE-2025-58634 WordPress PeachPay Payments Plugin <= 1.117.4 - Broken Access Control Vulnerability — PeachPay PaymentsCWE-862 5.3 Medium2025-09-03
CVE-2024-11362 Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.112.0 - Reflected Cross-Site Scripting — PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI)CWE-79 6.1 Medium2024-11-23
CVE-2023-5234 Related Products for WooCommerce <= 3.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Related Products for WooCommerceCWE-79 6.4 Medium2023-11-22

This page lists every published CVE security advisory associated with peachpay. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.