CVE Catalog

CVE-2026-56023

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Summary

The UPI QR Code Payment Gateway for WooCommerce plugin version 1.6.2 and earlier contains a broken access control vulnerability. This allows unauthorized users to manipulate the payment process.

Risk Assessment

An attacker can exploit this flaw to change payment statuses or access administrator-level functions, leading to financial losses and order integrity breaches.

Recommendation

Immediately update the plugin to the latest available version. If an update is not possible, temporarily disable the plugin until a patch is released.

Original NVD description (English source)

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS