CVE-2026-57635
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
The FunnelKit Payment Gateway for Stripe WooCommerce plugin version 1.14.0.3 and earlier contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can exploit this flaw to perform unauthorized actions on behalf of a logged-in WooCommerce store administrator.
Risk Assessment
The risk involves an attacker being able to execute unauthorized operations, such as changing payment settings or hijacking an administrator account, without the victim's knowledge or consent.
Recommendation
It is recommended to immediately update the FunnelKit Payment Gateway for Stripe WooCommerce plugin to the latest available version that addresses this vulnerability.
Original NVD description (English source)
Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions.

