CVE-2026-7862

Gravedad:

Pendiente de análisis

Tipo:

No Disponible / Otro tipo

Fecha de publicación:

28/05/2026

Última modificación:

28/05/2026

Descripción

*** Pendiente de traducción *** The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant&#39;s payment gateway credentials, and for applicable payment methods, to redirect refunded funds to an attacker-controlled bank account.

Impacto

Referencias a soluciones, herramientas e información

https://wpscan.com/vulnerability/b4ce2a06-b435-4b77-851f-4406f2a91ca6/