Back to CVE List

CVE-2026-7862

HIGH SEVERITY

CVSS Score & Metrics

Base Score
8.6 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Vulnerability Description

The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment methods, to redirect refunded funds to an attacker-controlled bank account.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-284
Source
NVD

External References

Discussion (0)

Add Comment

No comments yet. Be the first!