CVE Catalog
CVE-2026-39448
HighCVSS 7.5Summary
The NOWPayments for WooCommerce plugin version 1.4.0 and earlier contains an unauthenticated Broken Access Control vulnerability. An attacker without authentication can gain unauthorized access to functions or data.
Risk Assessment
The risk involves potential unauthorized access to sensitive plugin functions or data, which could compromise the integrity or confidentiality of the WooCommerce system.
Recommendation
It is recommended to immediately update the NOWPayments for WooCommerce plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions.

