Lucene search
K

5 matches found

CVE
CVE
added 2026/02/04 8:25 a.m.19 views

CVE-2025-14461

The CVE describes unauthenticated order-status manipulation in the Xendit Payment plugin for WordPress (WooCommerce integration). Versions up to and including 6.0.2 expose a publicly accessible API callback endpoint (wc_xendit_callback) that processes payment callbacks without authenticating orig...

5.3CVSS5.3AI score0.00345EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/04 8:25 a.m.28 views

CVE-2025-14461 Xendit Payment <= 6.0.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid

The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including, 6.0.2. This is due to the plugin exposing a publicly accessible WooCommerce API callback endpoint wcxenditcallback that processes payment callbacks without any...

5.3CVSS0.00345EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/04 8:25 a.m.5 views

EUVD-2025-206808

The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including, 6.0.2. This is due to the plugin exposing a publicly accessible WooCommerce API callback endpoint wcxenditcallback that processes payment callbacks without any...

5.3CVSS5.3AI score0.00345EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.7 views

WordPress plugin Xendit Payment 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.9AI score0.00345EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/02/03 11:19 p.m.7 views

WordPress Xendit Payment plugin <= 6.0.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid vulnerability

Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Xendit Payment versions = 6.0.2...

5.3CVSS5.4AI score0.00345EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder