19 matches found
CVE-2025-15475
The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to an improper validation logic in the check_payhere_response function in all versions up to, and including, 2.3.9. This makes it possible for unauthenticated attackers to...
CVE-2025-15475
The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to an improper validation logic in the check_payhere_response function in all versions up to, and including, 2.3.9. This makes it possible for unauthenticated attackers to...
CVE-2025-15475 PayHere Payment Gateway Plugin for WooCommerce <= 2.3.9 - Missing Authorization to Unauthenticated Order Status Modification
The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to an improper validation logic in the check_payhere_response function in all versions up to, and including, 2.3.9. This makes it possible for unauthenticated attackers to...
CVE-2025-15475
CVE-2025-15475 affects the PayHere Payment Gateway Plugin for WooCommerce (WordPress). The issue arises from improper validation in the check_payhere_response function, allowing unauthenticated attackers to modify data and change the status of pending WooCommerce orders to paid/completed/on hold ...
CVE-2025-15475 PayHere Payment Gateway Plugin for WooCommerce <= 2.3.9 - Missing Authorization to Unauthenticated Order Status Modification
The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to an improper validation logic in the check_payhere_response function in all versions up to, and including, 2.3.9. This makes it possible for unauthenticated attackers to...
WordPress plugin PayHere Payment Gateway Plugin for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
PT-2026-2838
The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to an improper validation logic in the check_payhere_response function in all versions up to, and including, 2.3.9. This makes it possible for unauthenticated attackers t...
WordPress PayHere Payment Gateway plugin for WooCommerce plugin <= 2.3.9 - Missing Authorization to Unauthenticated Order Status Modification vulnerability
Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin PayHere Payment Gateway Plugin for WooCommerce versions <= 2.3.9...
CVE-2023-6064
The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur...
CVE-2023-6064
The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur...
CVE-2023-6064
The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur...
Information disclosure
The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur...
CVE-2023-6064
The PayHere Payment Gateway WordPress plugin contains an unauthenticated information-disclosure vulnerability in versions prior to 2.2.12. The root cause is the automatic creation of publicly accessible log files containing sensitive transaction data, leading to potential exposure of confidential...
CVE-2023-6064 PayHere Payment Gateway < 2.2.12 - Unauthenticated Log Data Disclosure
The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur...
CVE-2023-6064 PayHere Payment Gateway < 2.2.12 - Unauthenticated Log Data Disclosure
The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur...
WordPress Plugin PayHere Payment Gateway Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2024-14870 · WordPress · Payhere Payment Gateway
Name of the Vulnerable Software and Affected Versions: PayHere Payment Gateway WordPress plugin versions prior to 2.2.12. Description: The issue arises from the automatic creation of publicly-accessible log files containing sensitive information when transactions occur. This affects the PayHere...
PayHere Payment Gateway < 2.2.12 - Unauthenticated Log Data Disclosure
Description: The plugin automatically creates publicly-accessible log files containing sensitive information when transactions occur. https://www.suppliment.lk/wp-content/uploads/payhere-logs/?SD https://www.medic.lk/wp-content/uploads/payhere-logs/?SD...
PayHere Payment Gateway < 2.2.12 - Unauthenticated Log Data Disclosure
Description: The plugin automatically creates publicly-accessible log files containing sensitive information when transactions occur. PoC: https://www.suppliment.lk/wp-content/uploads/payhere-logs/?SD https://www.medic.lk/wp-content/uploads/payhere-logs/?SD...