CVE-2026-56048
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk15th percentile — higher than 15% of all known CVEs
Summary
The Payment Gateway Based Fees and Discounts for WooCommerce plugin version 3.0.0 and earlier contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker to access sensitive data or perform unauthorized operations without authentication.
Risk Assessment
The organization is at risk of customer data leakage, manipulation of fees and discounts, and potential financial losses. The attack can be carried out remotely without authentication.
Recommendation
Immediately update the plugin to the latest available version. If an update is not possible, temporarily disable the plugin until a patch is released.
Original NVD description (English source)
Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce <= 3.0.0 versions.

