Primary

Context

Chapa Payment Gateway Plugin for WooCommerce Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability allowing sensitive information exposure exists in the Chapa Payment Gateway Plugin for WooCommerce, affecting all versions up to and including 1.0.3. The issue arises through the 'chapa_proceed' WooCommerce API endpoint, where unauthenticated attackers can access sensitive data, including the merchant's Chapa secret API key.

Impact

Exploitation of this vulnerability allows unauthenticated attackers to access sensitive information, specifically the merchant's Chapa secret API key.

Reproduction

To reproduce this vulnerability, send a request to the 'chapa_proceed' WooCommerce API endpoint. This can be done without authentication, and the response will include the Chapa secret API key.

Remediation

No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.

Added: Feb 4, 2026, 9:27 AM

Updated: Feb 4, 2026, 5:14 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.4

remediation

0.0

relevance

2.5

threat

4.8

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.4

remediation

0.0

relevance

2.5

threat

4.8

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Chapa Payment Gateway Plugin for WooCommerce Sensitive Information Exposure Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating