CVE-2025-58795 MEDIUM

CVE-2025-58795: WordPress Payoneer Checkout Plugin <= 3.4.0 - Content Spoofing Vulnerability

Vendor: Payoneer Checkout
Product: Payoneer Checkout
Weakness: CWE-862 · Missing authorization
Published: September 5, 2025
Last update: May 12, 2026

CVSS base score

4.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

Missing Authorization vulnerability in Payoneer Checkout (payoneer-checkout) allows Content Spoofing. This issue affects Payoneer Checkout: from n/a through <= 3.4.0.

Explanation of Vulnerability in Simple Terms

02 Summary

Payoneer Checkout versions 3.4.0 and earlier lack proper authorization checks, allowing an attacker to modify data through user interaction. The vulnerability requires the victim to visit a malicious link or page. Only data integrity is affected; confidentiality and availability are not impacted. Update to a version newer than 3.4.0.

What an attacker can do

03 Attacker Capabilities

Modify checkout data or settings if a user visits a malicious link.

Potential impact on your site

04 Site Impact

Checkout data could be altered without authorization if users are tricked into visiting malicious links.

Conditions required to exploit

05 Prerequisites

Victim must click a link or visit an attacker-controlled page; no authentication required.

Key dates

06 Disclosure timeline

September 5, 2025: CVE published
May 12, 2026: Record updated
