What the vulnerability does
01Description
Missing Authorization vulnerability in Onepay Sri Lanka onepay Payment Gateway For WooCommerce onepay-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onepay Payment Gateway For WooCommerce: from n/a through <= 1.1.2.
Explanation of Vulnerability in Simple Terms
02Summary
The Onepay Payment Gateway For WooCommerce plugin through version 1.1.2 lacks proper authorization checks on certain functions. An attacker without authentication can modify payment data or disrupt transactions. This affects WooCommerce sites using the plugin, potentially allowing unauthorized changes to order status or payment records.
What an attacker can do
03Attacker Capabilities
Modify payment data or disrupt transactions without authentication.
Potential impact on your site
04Site Impact
Attackers can alter payment records or order status, affecting transaction integrity and customer trust.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
January 22, 2026
CVE published
April 29, 2026
Record updated