WordPress Nexi XPay plugin <= 8.3.0 - Missing Authorization to Unauthenticated Order Status Modification vulnerability

Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Nexi XPay versions = 8.3.0...

CVE-2025-15565 Nexi XPay <= 8.3.0 - Missing Authorization to Unauthenticated Order Status Modification

The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed...

CVE-2025-15511

The CVE-2025-15511 entry concerns the WordPress Rupantorpay plugin. It states that all versions up to and including 2.0.0 are vulnerable due to a missing capability check in handle_webhook(), enabling unauthenticated attackers to modify WooCommerce order statuses via crafted requests to the WooCo...

CVE-2025-14978 PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) <= 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification

The PeachPay — Payments & Express Checkout for WooCommerce supports Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the ConvesioPay webhook REST endpoint in all versions up to, and including,...

WordPress PeachPay - Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) plugin <= 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification vulnerability

WordPress PeachPay - Payments & Express Checkout for WooCommerce supports Stripe, PayPal, Square, Authorize.net plugin = 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugi...

CVE-2025-14880

CVE-2025-14880 concerns the Netcash WooCommerce Payment Gateway plugin for WordPress. The vulnerability arises from a missing capability check in the handle_return_url function, present in all versions up to and including 4.1.3, enabling unauthenticated attackers to modify data and mark WooCommer...

WordPress Netcash WooCommerce Payment Gateway plugin <= 4.1.3 - Missing Authorization to Unauthenticated Order Status Modification vulnerability

Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Netcash WooCommerce Payment Gateway versions = 4.1.3...

CVE-2025-14886

CVE-2025-14886 concerns Japanized for WooCommerce for WordPress. It is a data modification vulnerability due to missing capability check on the order REST API endpoint, affecting all versions up to and including 2.7.17. Unauthenticated attackers could mark any WooCommerce order as processed/compl...