cleantalk
Vulnerabilities and Security Researches

Chapa Payment Gateway Plugin for WooCommerce, CVE-2025-15482

CVE, Research URL

CVE-2025-15482

Home page URL

Security reports for Chapa Payment Gateway Plugin for WooCommerce

Application

Chapa Payment Gateway Plugin for WooCommerce

Published on
Feb 04, 2026
Research Description
The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 via 'chapa_proceed' WooCommerce API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including the merchant's Chapa secret API key.
Affected versions
max 1.0.3.
Status
vulnerable
Previous vulnerability researches
Chapa Payment Gateway Plugin for WooCommerce (CVE-2025-15482) , Feb 28, 2026
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026