Rupantorpay

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_webhook() function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to modify WooCommerce order statuses by sending crafted requests to the WooCommerce API endpoint.

Basic Information

ID CVE-2025-15511

Source Wordfence

Published Jan 28, 2026 at 11:23

Affected Product

Vendor rupantorpay

Product Rupantorpay

Version *

Affected Versions rupantorpay Rupantorpay *

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_webhook() function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to modify WooCommerce order statuses by sending crafted requests to the WooCommerce API endpoint.",
    "published": "2026-01-28T11:23:38.266Z",
    "modified": "2026-01-28T11:23:38.266Z",
    "type": "cve",
    "title": "Rupantorpay <= 2.0.0 - Missing Authorization to Unauthenticated Order Status Modification",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1b21bdfd-42ec-43fe-b581-04276b86c50b?source=cve\nhttps://plugins.trac.wordpress.org/browser/rupantorpay/tags/2.0.0/includes/class-wc-rupantorpay-gateway.php#L172",
    "id": "CVE-2025-15511",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "rupantorpay Rupantorpay *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Rupantorpay",
    "version": "*",
    "vendor": "rupantorpay",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Rupantorpay <= 2.0.0 - Missing Authorization to Unauthenticated Order Status Modification_CVE-2025-15511