VYPR

Xendit Payment

by WordPress

CVEs (1)

  • CVE-2025-14461MedFeb 4, 2026
    risk 0.27cvss 5.3epss 0.00

    The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including, 6.0.2. This is due to the plugin exposing a publicly accessible WooCommerce API callback endpoint (`wc_xendit_callback`) that processes payment…