Skip to main content

Razorpay Payment Links For Woocommerce

1 CVEs product

Monthly

CVE-2026-57424 MEDIUM This Month

Missing authorization in Razorpay Payment Links for WooCommerce (versions through 2.1.4) allows unauthenticated network attackers to invoke privileged plugin actions without any authentication check. The flaw stems from CWE-862, where one or more AJAX endpoints or REST routes in the plugin fail to verify the caller's identity or capability before executing sensitive operations, resulting in low-severity integrity and availability impacts against WooCommerce payment link workflows. No public exploit code has been identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.

Authentication Bypass WordPress Razorpay Payment Links For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

Missing authorization in Razorpay Payment Links for WooCommerce (versions through 2.1.4) allows unauthenticated network attackers to invoke privileged plugin actions without any authentication check. The flaw stems from CWE-862, where one or more AJAX endpoints or REST routes in the plugin fail to verify the caller's identity or capability before executing sensitive operations, resulting in low-severity integrity and availability impacts against WooCommerce payment link workflows. No public exploit code has been identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.

Authentication Bypass WordPress Razorpay Payment Links For Woocommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy