CVE-2025-15512

CVSS v3.1

5.3

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

The Aplazo Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check success response() function in all versions up to, and including, 1.4.2. This makes it possible for unauthenticated attackers to set any WooCommerce order to

pending payment

status.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2025-15512

Affected Products

Aplazo Payment Gateway

CVE-2025-15512

Weakness Enumeration

Related Identifiers

Affected Products

References · 3