WordPress · Paygent For Woocommerce · CVE-2025-14078
**Name of the Vulnerable Software and Affected Versions**
PAYGENT for WooCommerce plugin versions prior to 2.4.6
**Description**
The PAYGENT for WooCommerce plugin for WordPress is susceptible to a missing authorization issue. This occurs because of a lack of authorization checks within the `paygent_check_webhook` function, combined with the `paygent_permission_callback` function consistently returning true. This allows unauthenticated attackers to manipulate payment callbacks and alter order statuses by sending fabricated payment notifications to the `/wp-json/paygent/v1/check/` endpoint.
**Recommendations**
Update the PAYGENT for WooCommerce plugin to a version later than 2.4.6.
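
To review whether the endpoint named in the description has received notifications from unexpected sources, the following added example (not part of the advisory or the plugin's code) scans web-server access logs in combined format, covering both the `/wp-json/` path and WordPress's `?rest_route=` query form. The trusted range, the sample log lines and the function names are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/paygent/v1/check"  # REST route named in the advisory
# Assumption: placeholder range standing in for the gateway's notification
# sources; replace it with the addresses your payment provider documents.
TRUSTED_SOURCES = [ipaddress.ip_network("203.0.113.0/28")]
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Constructed sample lines (documentation address ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2026:10:00:01 +0000] "POST /wp-json/paygent/v1/check/ HTTP/1.1" 200 15',
    '198.51.100.23 - - [10/Jan/2026:10:02:44 +0000] "POST /wp-json/paygent/v1/check/ HTTP/1.1" 200 15',
    '198.51.100.23 - - [10/Jan/2026:10:02:50 +0000] "POST /?rest_route=%2Fpaygent%2Fv1%2Fcheck%2F HTTP/1.1" 200 15',
    '192.0.2.77 - - [10/Jan/2026:10:05:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5123',
]

def rest_route(target):
    """Return the REST route a request target resolves to, or None."""
    parts = urlsplit(target)
    path = re.sub(r"/+", "/", unquote(parts.path))
    if "/wp-json/" in path:
        return "/" + path.split("/wp-json/", 1)[1].strip("/")
    # Sites without pretty permalinks reach the REST API via ?rest_route=
    route = parse_qs(parts.query).get("rest_route")
    return "/" + route[0].strip("/") if route else None

def untrusted_webhook_hits(lines):
    """List (timestamp, ip, method, status) for endpoint hits from unlisted IPs."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or (rest_route(m["target"]) or "").lower() != ENDPOINT:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            ip = None  # hostname or malformed client field: cannot be trusted
        if ip is None or not any(ip in net for net in TRUSTED_SOURCES):
            hits.append((m["ts"], m["ip"], m["method"], int(m["status"])))
    return hits

if __name__ == "__main__":
    for hit in untrusted_webhook_hits(SAMPLE_LOG):
        print(*hit)
```

Orders whose status changed around the timestamps of any reported hits are the ones to reconcile against the payment provider's own transaction records.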