cleantalk
Vulnerabilities and Security Researches

Razorpay for WooCommerce, b3b5a9ab191aa9218a81975fdc32d16d3db57aa9

CVE, Research URL

b3b5a9ab191aa9218a81975fdc32d16d3db57aa9

Home page URL

Security reports for Razorpay for WooCommerce

Application

Razorpay for WooCommerce

Published on
Nov 28, 2023
Research Description
Razorpay for WooCommerce [woo-razorpay] < 4.5.7 Razorpay for WooCommerce <= 4.5.6 - Missing Authorization The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized modification due to a missing capability check on several functions hooked via admin_post in all versions up to, and including, 4.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update, direct, create, and reverse transfers through the plugin.
Affected versions
max 4.5.7.
Status
vulnerable
Previous vulnerability researches
Razorpay for WooCommerce (b3b5a9ab191aa9218a81975fdc32d16d3db57aa9) , Jun 07, 2024
Razorpay for WooCommerce (CVE-2025-14294) , Feb 27, 2026
New vulnerability
Printful Integration for WooCommerce (CVE-2025-12375) , Feb 27, 2026
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes (CVE-2026-25322) , Feb 27, 2026
Page Builder Gutenberg Blocks – CoBlocks (CVE-2026-27094) , Feb 27, 2026
ElementsKit Elementor addons (CVE-2026-23693) , Feb 27, 2026
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2025-14795) , Feb 27, 2026