CVE-2026-11462
Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorization
CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper authorization. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named 6719e0fc690ea0a998452092862e0f0a17c65968. It is suggested to install a patch to address this issue.
| CWE | CWE-285 CWE-266 |
| Vendor | chengdu everbrite network technology |
| Product | beikeshop |
| Published | Jun 7, 2026 |
| Last Updated | Jun 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for chengdu everbrite network technology beikeshop
Be the first to know when new high vulnerabilities affecting chengdu everbrite network technology beikeshop are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Chengdu Everbrite Network Technology / BeikeShop
1.6.0.0 1.6.0.1 1.6.0.2 1.6.0.3 1.6.0.4 1.6.0.5 1.6.0.6 1.6.0.7 1.6.0.8 1.6.0.9 1.6.0.10 1.6.0.11 1.6.0.12 1.6.0.13 1.6.0.14 1.6.0.15 1.6.0.16 1.6.0.17 1.6.0.18 1.6.0.19 1.6.0.20 1.6.0.21 1.6.0.22
References
vuldb.com: https://vuldb.com/vuln/369082 vuldb.com: https://vuldb.com/vuln/369082/cti vuldb.com: https://vuldb.com/cve/CVE-2026-11462 vuldb.com: https://vuldb.com/submit/831466 github.com: https://github.com/nuiifornet/BeikeShop-Vulnerability/blob/main/README.md github.com: https://github.com/beikeshop/beikeshop/commit/6719e0fc690ea0a998452092862e0f0a17c65968
Credits
๐ Fklov (VulDB User)