VYPR
Vendor

Xendit

Products
1
CVEs
1
Across products
1
Status
Private

Products

1

Recent CVEs

1
  • CVE-2025-14461MedFeb 4, 2026
    risk 0.27cvss 5.3epss 0.00

    The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including, 6.0.2. This is due to the plugin exposing a publicly accessible WooCommerce API callback endpoint (`wc_xendit_callback`) that processes payment…