Missing Authorization Vulnerability in Paysera WooCommerce Payment Gateway
CVE-2025-63015

Currently unrated

Key Information:

Vendor

WordPress
Status
WooCommerce Payment Gateway – Paysera
Vendor
CVE Published:
9 December 2025

What is CVE-2025-63015?

A significant security issue has been identified in the Paysera WooCommerce Payment Gateway, which stems from improperly configured access control settings. This missing authorization vulnerability allows attackers to exploit the system when interacting with the payment gateway, compromising user data and potentially leading to unauthorized access. Affected versions extend from the initial release to version 3.9.0.

Affected Version(s)

WooCommerce Payment Gateway &#8211; Paysera <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/woo-...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Legion Hunter | Patchstack Bug Bounty Program
JSON
.