5 matches found
CVE-2025-14461
The CVE describes unauthenticated order-status manipulation in the Xendit Payment plugin for WordPress (WooCommerce integration). Versions up to and including 6.0.2 expose a publicly accessible API callback endpoint (wc_xendit_callback) that processes payment callbacks without authenticating orig...
CVE-2025-14461 Xendit Payment <= 6.0.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid
The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including, 6.0.2. This is due to the plugin exposing a publicly accessible WooCommerce API callback endpoint wcxenditcallback that processes payment callbacks without any...
EUVD-2025-206808
The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including, 6.0.2. This is due to the plugin exposing a publicly accessible WooCommerce API callback endpoint wcxenditcallback that processes payment callbacks without any...
WordPress plugin Xendit Payment 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress Xendit Payment plugin <= 6.0.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid vulnerability
Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Xendit Payment versions = 6.0.2...