Vulnerabilities and security researches forchapa-payment-gateway-for-woocommerce chapa-payment-gateway-for-woocommerce

Feb 28, 2026

CVE, Research URL: CVE-2025-15482
Home page URL: Security reports for Chapa Payment Gateway Plugin for WooCommerce
Application: Chapa Payment Gateway Plugin for WooCommerce
Date: Feb 04, 2026
Research Description: The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 via 'chapa_proceed' WooCommerce API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including the merchant's Chapa secret API key.
Affected versions: max 1.0.3.
Status: vulnerable