CVE-2026-56025
Deferred - Pending Action
Unauthenticated Broken Access Control in Paymob for WooCommerce

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions.
Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-26
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
patchstack | paymob_for_woocommerce | to 4.1.2 (exc)
CWE ID | Description
CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

CVE-2026-56025 is a Broken Access Control vulnerability in the WordPress Paymob for WooCommerce Plugin versions 4.1.2 and below.

This vulnerability allows unauthenticated users to perform actions that normally require higher privileges because the plugin lacks proper authorization, authentication, or nonce token checks.

It is classified under OWASP Top 10's A1: Broken Access Control category and has a CVSS score of 7.5, indicating a significant security risk.

Impact Analysis

This vulnerability can allow attackers who are not logged in to perform higher-privileged actions within the Paymob for WooCommerce plugin.

Such unauthorized actions could lead to manipulation or misuse of the plugin's functionality, potentially compromising the integrity of your e-commerce operations.

Although the actual impact is considered low, the CVSS score of 7.5 suggests it could be exploited on a large scale if left unpatched.

Currently, there is no official patch available, so immediate mitigation steps are recommended, such as updating the plugin when an update becomes possible or seeking help from a developer.

Mitigation Strategies

Immediate action is recommended to mitigate this vulnerability since there is no official patch available yet.

  • Update the Paymob for WooCommerce plugin to a version higher than 4.1.2 once a patch is released.
  • Seek assistance from your hosting provider or a developer to implement temporary access control measures.
  • Monitor for any suspicious activity related to unauthorized access attempts.

Compliance Impact

The vulnerability is an unauthenticated broken access control issue that allows unauthorized users to perform higher-privileged actions. Such unauthorized access can lead to potential misuse or manipulation of data, which may impact compliance with standards like GDPR or HIPAA that require strict access controls and protection of sensitive information.

However, the provided information does not explicitly describe the direct effects of this vulnerability on compliance with GDPR, HIPAA, or other regulations.
