Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/02/04 8:25 a.m.3 views

CVE-2026-0679 Fortis for WooCommerce <= 1.2.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' Endpoint

The Fortis for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an inverted nonce check in the 'checkfortisnotifyresponse' function in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to update arbitrary WooCommerce order...

5.3CVSS5.5AI score0.00345EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/04 8:25 a.m.29 views

CVE-2026-0679 Fortis for WooCommerce <= 1.2.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' Endpoint

The Fortis for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an inverted nonce check in the 'checkfortisnotifyresponse' function in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to update arbitrary WooCommerce order...

5.3CVSS0.00345EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/04 8:25 a.m.4 views

CVE-2025-14461 Xendit Payment <= 6.0.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid

The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including, 6.0.2. This is due to the plugin exposing a publicly accessible WooCommerce API callback endpoint wcxenditcallback that processes payment callbacks without any...

5.3CVSS5.3AI score0.00345EPSS
Exploits0References4
NVD
NVD
added 2026/01/28 12:15 p.m.9 views

CVE-2025-15511

The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handlewebhook function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to modify WooCommerce order statuses by sending...

5.3CVSS0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/28 11:23 a.m.29 views

CVE-2025-15511 Rupantorpay <= 2.0.0 - Missing Authorization to Unauthenticated Order Status Modification

The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handlewebhook function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to modify WooCommerce order statuses by sending...

5.3CVSS0.00205EPSS
Exploits0References2
Rows per page
Query Builder