Razorpay Payment Links For Woocommerce
Monthly
Missing authorization in Razorpay Payment Links for WooCommerce (versions through 2.1.4) allows unauthenticated network attackers to invoke privileged plugin actions without any authentication check. The flaw stems from CWE-862, where one or more AJAX endpoints or REST routes in the plugin fail to verify the caller's identity or capability before executing sensitive operations, resulting in low-severity integrity and availability impacts against WooCommerce payment link workflows. No public exploit code has been identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.
Missing authorization in Razorpay Payment Links for WooCommerce (versions through 2.1.4) allows unauthenticated network attackers to invoke privileged plugin actions without any authentication check. The flaw stems from CWE-862, where one or more AJAX endpoints or REST routes in the plugin fail to verify the caller's identity or capability before executing sensitive operations, resulting in low-severity integrity and availability impacts against WooCommerce payment link workflows. No public exploit code has been identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.