CVE-2026-56025
Deferred Deferred - Pending Action

Unauthenticated Broken Access Control in Paymob for WooCommerce

Vulnerability report for CVE-2026-56025, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description

Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
patchstack paymob_for_woocommerce to 4.1.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-56025 is a Broken Access Control vulnerability in the WordPress Paymob for WooCommerce Plugin versions 4.1.2 and below.

This vulnerability allows unauthenticated users to perform actions that normally require higher privileges because the plugin lacks proper authorization, authentication, or nonce token checks.

It is classified under OWASP Top 10's A1: Broken Access Control category and has a CVSS score of 7.5, indicating a significant security risk.

Detection Guidance

There is no specific detection method or commands provided for identifying this vulnerability on your network or system.

However, since the vulnerability affects Paymob for WooCommerce Plugin versions 4.1.2 and below, you can check the installed plugin version on your WordPress site to determine if it is vulnerable.

  • Log in to your WordPress admin dashboard and navigate to Plugins to check the Paymob for WooCommerce version.
  • Alternatively, use WP-CLI command: wp plugin list | grep paymob-for-woocommerce to see the installed version.

Since the vulnerability allows unauthenticated users to perform higher-privileged actions due to broken access control, monitoring unusual or unauthorized actions related to the Paymob plugin in your web server logs or application logs may help detect exploitation attempts.

Impact Analysis

This vulnerability can allow attackers who are not logged in to perform higher-privileged actions within the Paymob for WooCommerce plugin.

Such unauthorized actions could lead to manipulation or misuse of the plugin's functionality, potentially compromising the integrity of your e-commerce operations.

Although the actual impact is considered low, the CVSS score of 7.5 suggests it could be exploited on a large scale if left unpatched.

Currently, there is no official patch available, so immediate mitigation steps like updating the plugin when possible or seeking help from a developer are recommended.

Compliance Impact

The vulnerability is an unauthenticated broken access control issue that allows unauthorized users to perform higher-privileged actions. Such unauthorized access can lead to potential misuse or manipulation of data, which may impact compliance with standards like GDPR or HIPAA that require strict access controls and protection of sensitive information.

However, the provided information does not explicitly describe the direct effects of this vulnerability on compliance with GDPR, HIPAA, or other regulations.

Mitigation Strategies

Immediate action is recommended to mitigate this vulnerability since there is no official patch available yet.

  • Update the Paymob for WooCommerce plugin to a version higher than 4.1.2 once a patch is released.
  • Seek assistance from your hosting provider or a developer to implement temporary access control measures.
  • Monitor for any suspicious activity related to unauthorized access attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56025. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart