Vulnerabilities and security researches foreupago-gateway-for-woocommerce eupago-gateway-for-woocommerce

Jun 07, 2024

CVE, Research URL: CVE-2023-45638
Home page URL: Security reports for Eupago Gateway For Woocommerce
Application: Eupago Gateway For Woocommerce
Date: Oct 16, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in euPago Eupago Gateway For Woocommerce plugin <= 3.1.9 versions.
Affected versions: max 3.1.10.
Status: vulnerable

Dec 11, 2025

CVE, Research URL: CVE-2025-62870
Home page URL: Security reports for Eupago Gateway For Woocommerce
Application: Eupago Gateway For Woocommerce
Date: Dec 09, 2025
Research Description: Missing Authorization vulnerability in Eupago Eupago Gateway For Woocommerce eupago-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eupago Gateway For Woocommerce: from n/a through <= 4.6.3.
Affected versions: max 4.6.3.
Status: vulnerable

May 30, 2026

CVE, Research URL: CVE-2026-7862
Home page URL: Security reports for Eupago Gateway For Woocommerce
Application: Eupago Gateway For Woocommerce
Date: May 28, 2026
Research Description: The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment methods, to redirect refunded funds to an attacker-controlled bank account.
Affected versions: max 4.7.2.
Status: vulnerable