CVE-2026-7862 in Gateway for Woocommerce Pluginالمعلومات

الملخص

بحسب MITRE • 28/05/2026

The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment methods, to redirect refunded funds to an attacker-controlled bank account.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

WPScan

حجز

05/05/2026

إفشاء

28/05/2026

الاعتدال

تمت الموافقة

إدخال

VDB-366595

CPE

جاهز

CWE

CWE-284 (مؤكد)

CVSS

6.3 (VulDB)

EPSS

0.00058

KEV

لا

النشاطات

منخفض

القطاع

Telecommunication, Hostingprovider, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7862
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7862
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7862/

التالي ▸نظرة عامة ◂ السابق

Do you need the next level of professionalism?

Upgrade your account now!