What the vulnerability does
01Description
Missing Authorization vulnerability in paysera WooCommerce Payment Gateway - Paysera woo-payment-gateway-paysera allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Payment Gateway - Paysera: from n/a through <= 3.10.0.
Explanation of Vulnerability in Simple Terms
02Summary
The Paysera WooCommerce Payment Gateway plugin through version 3.10.0 lacks proper authorization checks on certain functions. A logged-in user with low privileges can modify payment-related data or settings they should not have access to. The vulnerability does not expose sensitive information or cause service disruption, but allows unauthorized changes to payment configuration.
What an attacker can do
03Attacker Capabilities
A logged-in user can modify payment settings or data they are not authorized to change.
Potential impact on your site
04Site Impact
Unauthorized users may alter payment gateway configuration, potentially disrupting transactions or redirecting payments.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege account on the WordPress site (e.g., subscriber or contributor role).
Key dates
06Disclosure timeline
December 9, 2025
CVE published
April 28, 2026
Record updated