VYPR

Xendit Payment

by Xendit

CVEs (1)

  • CVE-2025-14461MedFeb 4, 2026
    risk 0.27cvss 5.3epss 0.00

    The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including, 6.0.2. This is due to the plugin exposing a publicly accessible WooCommerce API callback endpoint (`wc_xendit_callback`) that processes payment…