cleantalk
Vulnerabilities and Security Researches

Chapa Payment Gateway Plugin for WooCommerce, CVE-2025-15482

CVE, Research URL

CVE-2025-15482

Home page URL

Security reports for Chapa Payment Gateway Plugin for WooCommerce

Application

Chapa Payment Gateway Plugin for WooCommerce

Published on
Feb 04, 2026
Research Description
The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 via 'chapa_proceed' WooCommerce API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including the merchant's Chapa secret API key.
Affected versions
max 1.0.3.
Status
vulnerable
Previous vulnerability researches
Travelfic Toolkit (CVE-2026-24940) , Feb 27, 2026
Travelfic Toolkit (CVE-2025-39585) , Apr 18, 2025
New vulnerability
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026
Bold Page Builder (CVE-2025-12159) , Feb 28, 2026