Medium severity5.3NVD Advisory· Published Apr 14, 2026· Updated Apr 22, 2026
CVE-2025-15565
CVE-2025-15565
Description
The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=8.3.0
Patches
Vulnerability mechanics
References
2News mentions
1- Wordfence Intelligence Weekly WordPress Vulnerability Report (April 13, 2026 to April 19, 2026)Wordfence Blog · Apr 23, 2026