Description
Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout for PayPal: from n/a through <= 1.0.46.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Update Plugin
AI Analysis

Impact

Missing authorization in the Noor Alam Checkout for PayPal WordPress plugin enables an attacker to abuse incorrectly configured access control levels, allowing unauthorized actions such as viewing or modifying checkout settings. This vulnerability is classified as a broken access control weakness (CWE-862) and can lead to confidentiality, integrity, or availability impact on the e‑commerce site. It is not a remote code execution flaw but provides an attacker with elevated privileges beyond what is intended.

Affected Systems

Vulnerable systems run the Noor Alam Checkout for PayPal WordPress plugin version 1.0.46 or older. No specific sub‑versions are excluded; the entire range from the first release up to and including 1.0.46 is affected. Only WordPress installations using this plugin are impacted.

Risk and Exploitability

The CVSS base score is 5.3, indicating moderate severity. EPSS is below 1 %, suggesting a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Attackers could potentially exploit the issue by sending specially crafted requests to plugin endpoints that lack proper authorization checks. Because the flaw originates from missing access control, it is likely limited to users who can reach the plugin’s administration pages but can bypass the intended permission model.

Generated by OpenCVE AI on March 19, 2026 at 14:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Checkout for PayPal plugin to any version newer than 1.0.46 if available.
  • If an upgrade is not feasible, temporarily deactivate or remove the plugin to eliminate the risk.
  • Implement strict role‑based access controls and verify that only trusted users have administrative privileges to the WordPress site.
  • Review audit logs for suspicious activity and consider enabling additional logging for checkout‑related operations.

Generated by OpenCVE AI on March 19, 2026 at 14:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Noorsplugin
Noorsplugin checkout For Paypal
Wordpress
Wordpress wordpress
Vendors & Products Noorsplugin
Noorsplugin checkout For Paypal
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout for PayPal: from n/a through <= 1.0.46.
Title WordPress Checkout for PayPal plugin <= 1.0.46 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Noorsplugin Checkout For Paypal
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:07.144Z

Reserved: 2026-03-12T11:11:04.190Z

Link: CVE-2026-32387

cve-icon Vulnrichment

Updated: 2026-03-13T20:30:31.500Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:54.100

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32387

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:04:12Z

Weaknesses