Netcash WooCommerce Payment Gateway Missing Authorization Vulnerability in Order Status Modification
Vulnerability
A missing-authorization vulnerability exists in the Netcash WooCommerce Payment Gateway plugin for WordPress, in versions through 4.1.3. The handle_return_url function lacks a proper capability check, so unauthenticated attackers can alter the status of any WooCommerce order, marking it as processing or completed.
Impact
Exploitation of this vulnerability lets unauthorized users change the status of WooCommerce orders, potentially leading to improper order management and fulfillment.
Remediation
No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.
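Because no patch is available, a store that has run an affected version may want to confirm that orders marked processing or completed were actually paid. The following is an added example, not code from the plugin or from this advisory: it reconciles exported orders against a merchant-side gateway statement. The statement layout, the use of the order id as the gateway reference, and the "example_gateway" payment method id are assumptions; the order field names follow the WooCommerce REST order object.

```python
from decimal import Decimal

# Statuses the advisory says an unauthenticated request can set.
PAID_STATUSES = {"processing", "completed"}


def find_unbacked_orders(orders, gateway_records, payment_method):
    """Return (order_id, reason) for paid-looking orders that have no
    matching accepted gateway transaction.

    orders: dicts with id, status, payment_method, total.
    gateway_records: dicts with reference, amount, accepted (assumed layout).
    Assumes the gateway reference is the order id (hypothetical mapping).
    """
    accepted = {}
    for rec in gateway_records:
        if rec["accepted"]:  # declined or failed attempts never back an order
            accepted.setdefault(str(rec["reference"]), []).append(Decimal(rec["amount"]))

    findings = []
    for order in orders:
        if order["payment_method"] != payment_method or order["status"] not in PAID_STATUSES:
            continue
        amounts = accepted.get(str(order["id"]))
        if not amounts:
            findings.append((order["id"], "no accepted gateway transaction"))
        elif Decimal(order["total"]) not in amounts:
            findings.append((order["id"], "amount mismatch"))
    return findings


# Constructed sample data, not taken from any real store.
SAMPLE_ORDERS = [
    {"id": 1001, "status": "completed", "payment_method": "example_gateway", "total": "250.00"},
    {"id": 1002, "status": "processing", "payment_method": "example_gateway", "total": "99.90"},
    {"id": 1003, "status": "completed", "payment_method": "example_gateway", "total": "40.00"},
    {"id": 1004, "status": "pending", "payment_method": "example_gateway", "total": "15.00"},
    {"id": 1005, "status": "completed", "payment_method": "other", "total": "10.00"},
]
SAMPLE_GATEWAY = [
    {"reference": "1001", "amount": "250.00", "accepted": True},
    {"reference": "1002", "amount": "99.90", "accepted": False},
    {"reference": "1003", "amount": "4.00", "accepted": True},
]

if __name__ == "__main__":
    for order_id, reason in find_unbacked_orders(SAMPLE_ORDERS, SAMPLE_GATEWAY, "example_gateway"):
        print(order_id, reason)
```

Orders flagged this way should be held from fulfillment until payment is confirmed with the gateway directly.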
