2 matches found
CVE-2025-14078
CVE-2025-14078 affects the PAYGENT for WooCommerce WordPress plugin (versions up to 2.4.6). The root cause is missing authorization checks in paygent_check_webhook and a paygent_permission_callback that unconditionally returns true, enabling unauthenticated attackers to forge payment callbacks an...
CVE-2025-14078
The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygentcheckwebhook function combined with the paygentpermissioncallback function unconditionally returning true ...