CVE-2026-9284 | WooCommerce PayPal Payments Plugin up to 4.0.1 on WordPress ppc-create-order/ppc-get-order authorization

A vulnerability marked as critical has been reported in WooCommerce PayPal Payments Plugin up to 4.0.1 on WordPress. This affects the function ppc-create-order/ppc-get-order. This manipulation causes missing authorization.

This vulnerability is tracked as CVE-2026-9284. The attack is possible to be carried out remotely. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More