Vulnerabilities

CVE-2025-12355

by Fred · 05/12/2025

The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wp_ajax_nopriv_update_order_status’ AJAX endpoint in all versions up to, and including, 0.3.8. This makes it possible for unauthenticated attackers to update order statuses.

More information : https://wordpress.org/plugins/payaza/

Similar

Tags: Cybersecurity Alert