Impact
An unauthenticated vulnerability exists in the IDPay Payment Gateway for WooCommerce plugin for WordPress versions 2.2.5 and earlier, allowing attackers to read confidential payment transaction data. The flaw originates from improper handling of sensitive information, identified as CWE‑497, and can result in the disclosure of user payment methods, transaction details, and potentially lead to financial fraud and loss.
Affected Systems
The affected product is the IDPay Payment Gateway for WooCommerce plugin for WordPress, for installations running version 2.2.5 or older. Site administrators should verify the plugin version and take action before proceeding with an update.
Risk and Exploitability
The CVSS score of 7.5 indicates a high severity, and the EPSS score of <1% suggests a low current likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the likely attack vector is unauthenticated HTTP requests to exposed plugin endpoints, enabling attackers to retrieve sensitive payment data without user authentication. While exploitation is currently considered unlikely, the potential impact on confidentiality and financial integrity warrants prompt remediation.
OpenCVE Enrichment