CVE Catalog

CVE-2026-57635

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

The FunnelKit Payment Gateway for Stripe WooCommerce plugin version 1.14.0.3 and earlier contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can exploit this flaw to perform unauthorized actions on behalf of a logged-in WooCommerce store administrator.

Risk Assessment

The risk involves an attacker being able to execute unauthorized operations, such as changing payment settings or hijacking an administrator account, without the victim's knowledge or consent.

Recommendation

It is recommended to immediately update the FunnelKit Payment Gateway for Stripe WooCommerce plugin to the latest available version that addresses this vulnerability.

Original NVD description (English source)

Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS