High severity8.6NVD Advisory· Published May 28, 2026· Updated May 28, 2026
CVE-2026-7862
CVE-2026-7862
Description
The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment methods, to redirect refunded funds to an attacker-controlled bank account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<4.7.2+ 1 more
- (no CPE)range: <4.7.2
- (no CPE)range: <4.7.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.