CVE Catalog
CVE-2026-56023
MediumCVSS 5.4Summary
The UPI QR Code Payment Gateway for WooCommerce plugin version 1.6.2 and earlier contains a broken access control vulnerability. This allows unauthorized users to manipulate the payment process.
Risk Assessment
An attacker can exploit this flaw to change payment statuses or access administrator-level functions, leading to financial losses and order integrity breaches.
Recommendation
Immediately update the plugin to the latest available version. If an update is not possible, temporarily disable the plugin until a patch is released.
Original NVD description (English source)
Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions.

