SKT PayPal for WooCommerce

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Description

The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only enforcing client side controls instead of server-side controls when processing payments. This makes it possible for unauthenticated attackers to make confirmed purchases without actually paying for them.

Basic Information

ID CVE-2025-7820

Source Wordfence

Published Nov 27, 2025 at 04:36

Affected Product

Vendor sonalsinha21

Product SKT PayPal for WooCommerce

Version *

Affected Versions sonalsinha21 SKT PayPal for WooCommerce *

CWE Classification

CWE-602

References

{
    "lastseen": "",
    "description": "The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only enforcing client side controls instead of server-side controls when processing payments. This makes it possible for unauthenticated attackers to make confirmed purchases without actually paying for them.",
    "published": "2025-11-27T04:36:43.662Z",
    "modified": "2025-11-27T04:36:43.662Z",
    "type": "cve",
    "title": "SKT PayPal for WooCommerce <= 1.4 - Unauthenticated Payment Bypass",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a67b1b3-eb39-4e9a-ba44-ea637fc3bba1?source=cve\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3403118%40skt-paypal-for-woocommerce&new=3403118%40skt-paypal-for-woocommerce&sfp_email=&sfph_mail=",
    "id": "CVE-2025-7820",
    "bulletinFamily": "",
    "cwe": [
        "CWE-602"
    ],
    "cvelist": null,
    "sourceData": "sonalsinha21 SKT PayPal for WooCommerce *",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SKT PayPal for WooCommerce",
    "version": "*",
    "vendor": "sonalsinha21",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

SKT PayPal for WooCommerce <= 1.4 - Unauthenticated Payment Bypass_CVE-2025-7820