What the vulnerability does
01Description
Missing Authorization vulnerability in Easy Payment Payment Gateway for PayPal on WooCommerce woo-paypal-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway for PayPal on WooCommerce: from n/a through <= 9.0.53.
Explanation of Vulnerability in Simple Terms
02Summary
The Payment Gateway for PayPal on WooCommerce plugin for WordPress contains a missing authorization check that allows unauthenticated attackers to modify payment-related data. An attacker can send a network request without credentials to alter transaction records or payment settings. This affects all versions up to 9.0.53. Site owners should update to a version newer than 9.0.53 immediately.
What an attacker can do
03Attacker Capabilities
Modify payment data or transaction records without logging in.
Potential impact on your site
04Site Impact
Payment records or settings could be altered by unauthorized parties, risking transaction integrity and customer trust.
Conditions required to exploit
05Prerequisites
None. The attacker needs only network access; no authentication or user interaction required.
Key dates
06Disclosure timeline
December 9, 2025
CVE published
April 28, 2026
Record updated