CVE Catalog

CVE-2026-56048

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

The Payment Gateway Based Fees and Discounts for WooCommerce plugin version 3.0.0 and earlier contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker to access sensitive data or perform unauthorized operations without authentication.

Risk Assessment

The organization is at risk of customer data leakage, manipulation of fees and discounts, and potential financial losses. The attack can be carried out remotely without authentication.

Recommendation

Immediately update the plugin to the latest available version. If an update is not possible, temporarily disable the plugin until a patch is released.

Original NVD description (English source)

Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce <= 3.0.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS