Campay Woocommerce Payment Gateway Unauthenticated Payment Bypass Vulnerability

A vulnerability exists in the Campay Woocommerce Payment Gateway plugin for WordPress, affecting all versions through 1.2.2. The issue arises from inadequate validation of transactions processed through the payment gateway, allowing unauthenticated attackers to bypass payment requirements and falsely mark orders as completed. This exploitation can lead to financial losses for merchants.

Impact

Exploitation of this vulnerability allows for unauthorized payment bypass, enabling attackers to mark orders as successfully completed without processing an actual payment. This could result in a direct loss of revenue for businesses using this payment gateway.

Remediation

There is no known patch available for this vulnerability. It is recommended to review the vulnerability details thoroughly and consider uninstalling the affected plugin, replacing it with a suitable alternative.