WordPress Aplazo Payment Gateway plugin missing privileges vulnerability

WordPress Aplazo Payment Gateway plugin is a payment gateway plugin for WooCommerce stores that allows customers to choose "buy now, pay later" payment method at the time of purchase. A lack of privileges vulnerability exists in WordPress Aplazo Payment Gateway plugin, which can be exploited by a...

CVE-2025-15512

The Aplazo Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checksuccessresponse function in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to set any WooCommerce order ...

CVE-2025-15512

The Aplazo Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checksuccessresponse function in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to set any WooCommerce order ...

CVE-2025-15512 Aplazo Payment Gateway <= 1.4.3 - Missing Authorization to Unauthenticated Order Status Manipulation

The Aplazo Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checksuccessresponse function in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to set any WooCommerce order ...

CVE-2025-15512 Aplazo Payment Gateway <= 1.4.2 - Missing Authorization to Unauthenticated Order Status Manipulation

The Aplazo Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checksuccessresponse function in all versions up to, and including, 1.4.2. This makes it possible for unauthenticated attackers to set any WooCommerce order ...

EUVD-2026-2528

The Aplazo Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checksuccessresponse function in all versions up to, and including, 1.4.2. This makes it possible for unauthenticated attackers to set any WooCommerce order ...

CVE-2025-15512

The CVE-2025-15512 entry describes a vulnerability in the WordPress Aplazo Payment Gateway plugin (versions up to and including 1.4.2) where a missing capability check in check_success_response() allows unauthenticated attackers to modify any WooCommerce order to the pending payment status. Multi...

PT-2026-2839

The Aplazo Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check success response function in all versions up to, and including, 1.4.2. This makes it possible for unauthenticated attackers to set any WooCommerce orde...

WordPress plugin Aplazo Payment Gateway 安全漏洞

WordPress Aplazo Payment Gateway plugin is a payment gateway plugin for WooCommerce stores that allows customers to choose "buy now, pay later" payment method at the time of purchase. A lack of privileges vulnerability exists in WordPress Aplazo Payment Gateway plugin, which can be exploited by a...

WordPress Aplazo Payment Gateway plugin <= 1.4.2 - Missing Authorization to Unauthenticated Order Status Manipulation vulnerability

Missing Authorization to Unauthenticated Order Status Manipulation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Aplazo Payment Gateway versions = 1.4.2...