CVE Catalog

CVE-2026-56025

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

The Paymob for WooCommerce plugin version 4.1.2 and earlier contains an unauthenticated broken access control vulnerability. An attacker without authentication can exploit this flaw to gain unauthorized access to plugin functions.

Risk Assessment

The risk includes unauthorized access to sensitive plugin functions, potentially leading to data integrity breaches or unauthorized actions within the WooCommerce system.

Recommendation

It is recommended to immediately update the Paymob for WooCommerce plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS