CVE-2026-11462: Improper Authorization Vulnerability in BeikeShop Stripe Plugin (Up to v1.6.0.22)
Summary
A security vulnerability (CVE-2026-11462) has been discovered in Chengdu Everbrite Network Technology's BeikeShop e-commerce platform up to version 1.6.0.22. The vulnerability affects the Stripe Plugin component, specifically in the callback function of StripeController.php. By manipulating the Request argument, an attacker can achieve improper authorization remotely. The exploit has been publicly disclosed and could be actively used. A patch identified by commit hash 6719e0fc690ea0a998452092862e0f0a17c65968 is available and recommended for installation.
Key quotes
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22.
Performing a manipulation of the argument Request results in improper authorization.
The attack can be initiated remotely.
The exploit has been made public and could be used.
It is suggested to install a patch to address this issue.
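The advisory locates the flaw in the payment callback handler and attributes it to manipulation of the request. The general defensive pattern for such callbacks is to act only on a provider-signed event and to reconcile the signed amount against the stored order, never on attacker-controllable request parameters. The following is an added illustration of that pattern in Python; it is not BeikeShop's or Stripe's code, the endpoint secret, order store, `make_event` helper and the `insecure_callback`/`secure_callback` handlers are constructed for this example, and the signature scheme it checks is the documented Stripe-Signature format (`t=<timestamp>,v1=<hex HMAC-SHA256 of "<timestamp>.<raw body>">`):

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed endpoint secret for this example only; a real one is issued per webhook endpoint.
ENDPOINT_SECRET = b"whsec_example_secret_do_not_use"
TOLERANCE_SECONDS = 300  # reject events whose timestamp is too far from "now" (replay window)


def sign_payload(secret: bytes, raw_body: bytes, timestamp: int) -> str:
    """Build a Stripe-Signature style header value for a raw body (used here to fabricate test events)."""
    signed = f"{timestamp}.".encode() + raw_body
    digest = hmac.new(secret, signed, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={digest}"


def parse_signature_header(header: str) -> dict:
    """Parse 'k=v,k=v' into {k: [v, ...]}; multiple v1 entries are allowed during secret rotation."""
    parts: dict = {}
    for item in header.split(","):
        key, _, value = item.strip().partition("=")
        parts.setdefault(key, []).append(value)
    return parts


def verify_webhook(secret: bytes, raw_body: bytes, header: str, now: int,
                   tolerance: int = TOLERANCE_SECONDS) -> bool:
    """Return True only if the body is authentically signed and the timestamp is fresh."""
    parts = parse_signature_header(header)
    try:
        timestamp = int(parts["t"][0])
    except (KeyError, ValueError, IndexError):
        return False
    if abs(now - timestamp) > tolerance:
        return False
    expected = hmac.new(secret, f"{timestamp}.".encode() + raw_body, hashlib.sha256).hexdigest()
    # Constant-time comparison against every v1 candidate in the header.
    return any(hmac.compare_digest(expected, candidate) for candidate in parts.get("v1", []))


@dataclass
class Order:
    order_id: str
    amount_cents: int
    currency: str
    status: str = "pending"


def make_event(order_id: str, amount_cents: int, currency: str, payment_status: str = "paid") -> bytes:
    """Constructed checkout.session.completed event body (minimal fields only)."""
    event = {
        "type": "checkout.session.completed",
        "data": {"object": {
            "client_reference_id": order_id,
            "amount_total": amount_cents,
            "currency": currency,
            "payment_status": payment_status,
        }},
    }
    return json.dumps(event, separators=(",", ":")).encode()


def insecure_callback(orders: dict, params: dict) -> str:
    """Anti-pattern: the payment outcome is taken from request parameters anyone can supply."""
    order = orders.get(params.get("order_id"))
    if order is None:
        return "unknown order"
    if params.get("status") == "paid":
        order.status = "paid"  # no proof that the payment processor ever said so
    return order.status


def secure_callback(orders: dict, raw_body: bytes, header: str, now: int) -> str:
    """Hardened form: authenticate the event, then reconcile it against the stored order."""
    if not verify_webhook(ENDPOINT_SECRET, raw_body, header, now):
        return "rejected: bad signature"
    event = json.loads(raw_body)
    if event.get("type") != "checkout.session.completed":
        return "ignored"
    session = event["data"]["object"]
    order = orders.get(session.get("client_reference_id"))
    if order is None:
        return "unknown order"
    if session.get("payment_status") != "paid":
        return "ignored"
    # Amount and currency come from the signed event and must match what the shop expects.
    if session.get("amount_total") != order.amount_cents or session.get("currency") != order.currency:
        return "rejected: amount mismatch"
    order.status = "paid"
    return "paid"
```

The two handlers differ in where authorization comes from: `insecure_callback` lets the caller assert the outcome, while `secure_callback` derives it from a message only the holder of the endpoint secret could have produced, and still refuses to mark an order paid when the signed amount disagrees with the order record.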
