Aplazo Payment Gateway WordPress Plugin Missing Authorization Vulnerability in Order Status Manipulation

Vulnerability

A vulnerability exists in the Aplazo Payment Gateway plugin for WordPress, affecting all versions up to and including 1.4.2. The issue arises from a lack of proper capability checks in the check_success_response() function, allowing unauthenticated attackers to change the status of any WooCommerce order to 'pending payment'.

Impact

Exploitation of this vulnerability allows for unauthorized changes to WooCommerce order statuses, potentially disrupting order management and payment processing.
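One way to look for the effect described above is to scan order notes for paid orders that were moved back to 'pending payment' without a shop user recorded as the author. This is an added example, not code from the plugin or from this advisory; the note wording, the "WooCommerce" system author name, the dictionary layout and the sample rows are assumptions.

```python
import re

# Assumption: transitions appear as WooCommerce order notes worded
# "Order status changed from X to Y." (default English wording).
NOTE_RE = re.compile(r"Order status changed from (.+?) to (.+?)\.\s*$")
PAID_STATES = {"processing", "completed"}  # payment already taken
TARGET_STATE = "pending payment"
# Assumption: notes not made by a logged-in shop user carry this author.
SYSTEM_AUTHORS = {"", "woocommerce"}


def find_suspicious_reverts(notes):
    """Flag paid orders pushed back to 'pending payment' with no shop
    user recorded as the author of the change."""
    hits = []
    for note in notes:
        m = NOTE_RE.search(note["content"])
        if not m:
            continue  # not a status-change note
        old, new = m.group(1).lower(), m.group(2).lower()
        if (new == TARGET_STATE and old in PAID_STATES
                and note["author"].strip().lower() in SYSTEM_AUTHORS):
            hits.append((note["order_id"], note["date"], old))
    return hits


# Constructed sample export of order notes (not real shop data).
SAMPLE_NOTES = [
    {"order_id": 1001, "date": "2026-01-09 18:40:11", "author": "WooCommerce",
     "content": "Payment received. Order status changed from Pending payment to Processing."},
    {"order_id": 1001, "date": "2026-01-10 09:14:02", "author": "WooCommerce",
     "content": "Order status changed from Processing to Pending payment."},
    {"order_id": 1002, "date": "2026-01-10 10:02:45", "author": "shopmanager",
     "content": "Order status changed from Completed to Pending payment."},
    {"order_id": 1003, "date": "2026-01-10 11:30:00", "author": "WooCommerce",
     "content": "Order status changed from On hold to Pending payment."},
    {"order_id": 1004, "date": "2026-01-10 12:00:00", "author": "WooCommerce",
     "content": "Stock levels reduced: Sample product (SKU-1) 5 -> 4"},
]

if __name__ == "__main__":
    for order_id, date, old in find_suspicious_reverts(SAMPLE_NOTES):
        print(f"order {order_id}: {old} -> pending payment at {date}")
```

Hits are leads for review against payment records, since a legitimate automated process can also write such a note.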

Remediation

No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.

Added: Jan 14, 2026, 7:25 AM
Updated: Jan 14, 2026, 7:25 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.7
remediation: 0.0
relevance: 2.1
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.