CVE-2025-7820
BaseFortify
Publication date: 2025-11-27
Last updated on: 2025-11-27
Assigner: Wordfence
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| woocommerce | skt_paypal | 1.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-602 | The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. |
AI Powered Q&A
Can you explain this vulnerability to me?
The SKT PayPal for WooCommerce plugin for WordPress has a vulnerability where it only enforces payment controls on the client side instead of the server side. This allows unauthenticated attackers to bypass payment processing and make confirmed purchases without actually paying.
How can this vulnerability impact me?
This vulnerability can allow attackers to obtain goods or services without payment, leading to financial loss and potential disruption of business operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the SKT PayPal for WooCommerce plugin to a version later than 1.4 where server-side payment controls are properly enforced. If an update is not available, consider disabling the plugin until a fix is released. Additionally, review payment processing workflows to ensure server-side validation is in place to prevent payment bypass.