Impact
The vulnerability is a missing authorization flaw in the WooCommerce Payment Gateway – Paysera plugin: access control is incorrectly configured, and proper permission checks are absent. As a result, an attacker could potentially modify or view payment-related settings, orders, or sensitive configuration data that should be limited to privileged users. This type of access-control weakness can enable unauthorized changes to payment processing or the exposure of confidential information.
Affected Systems
The flaw affects the WooCommerce Payment Gateway – Paysera plugin on WordPress sites, in all versions from the earliest available through 3.10.0. No specific operating system or platform dependency is mentioned.
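One way to check a server for installations in this range, as an added example that is not part of the advisory or the plugin: the script reads each plugin's WordPress header comment and compares the version numerically against 3.10.0. It assumes the standard `wp-content/plugins/<dir>/<file>.php` layout and matches on "Paysera" in the Plugin Name header; the directory names, the unrelated plugin, and the versions other than 3.10.0 are constructed samples.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (3, 10, 0)  # last affected release named in the advisory
# WordPress reads plugin metadata from a comment header in the main PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)

def parse_version(text):
    """'3.9.2' -> (3, 9, 2); None when no leading number can be read."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group().split(".")) if m else None

def find_affected(plugins_dir):
    """Return (directory, version) for Paysera plugins at or below LAST_AFFECTED."""
    hits = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        head = php_file.read_text(encoding="utf-8", errors="replace")[:8192]
        meta = {k.lower(): v for k, v in HEADER_RE.findall(head)}
        if "paysera" not in meta.get("plugin name", "").lower():
            continue
        version = parse_version(meta.get("version", ""))
        # Numeric comparison: as strings, "3.9.2" would sort above "3.10.0".
        # An unreadable version is reported too, so it gets a manual look.
        if version is None or version <= LAST_AFFECTED:
            hits.append((php_file.parent.name, meta.get("version", "unknown")))
    return hits

SAMPLES = [  # constructed: directory name, Plugin Name header, Version header
    ("paysera-old", "WooCommerce Payment Gateway - Paysera", "3.9.2"),
    ("paysera-edge", "WooCommerce Payment Gateway - Paysera", "3.10.0"),
    ("paysera-new", "WooCommerce Payment Gateway - Paysera", "3.10.1"),
    ("other-plugin", "Constructed Unrelated Plugin", "1.0.0"),
]

def demo():
    """Build a throwaway plugins directory from SAMPLES and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name, title, version in SAMPLES:
            plugin = Path(root, name)
            plugin.mkdir()
            (plugin / "main.php").write_text(
                f"<?php\n/*\n * Plugin Name: {title}\n * Version: {version}\n */\n",
                encoding="utf-8")
        return find_affected(root)

if __name__ == "__main__":
    for directory, version in demo():
        print(f"{directory}: {version}")
```

On a real host, call `find_affected()` with the site's plugins directory; a version above 3.10.0 is only outside the range the advisory names, which the script does not treat as proof of a fix.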
Risk and Exploitability
The CVSS score of 4.3 indicates moderate severity, and the EPSS score of less than 1% suggests that exploitation is unlikely to be frequently observed. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote, via the web interface that hosts the plugin, and an attacker would need to send crafted requests that bypass normal authentication checks. While the exact path and prerequisites are not detailed, the absence of proper access control fundamentally increases the risk posed by any attacker who can reach the plugin's administrative functions.