CVE-2026-0656: High Vulnerability in iPaymu Payment Gateway for WooCommerce

The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'check_ipaymu_response' function. This is due to the plugin not validating webhook request authenticity through signature verification or origin checks. This makes it possible for unauthenticated attackers to mark WooCommerce orders as paid by sending crafted POST requests to the webhook endpoint without any payment occurring, as well as enumerate order IDs and obtain valid order keys via GET requests, exposing customer order PII including names, addresses, and purchased products.

This vulnerability allows for significant manipulation of order processing and could lead to unauthorized access to sensitive customer information. The severity is classified as high with a CVSS score of 8.2, indicating that it poses a serious risk to organizations utilizing this plugin.

Organizations should prioritize patching immediately to mitigate the risks associated with this vulnerability. The lack of authentication checks can lead to unauthorized actions that compromise the integrity and confidentiality of customer data.

Currently, there are no public exploits confirmed, and the vulnerability is not included in the Known Exploited Vulnerabilities (KEV) catalog. However, the potential for exploitation remains, making it imperative for organizations to take swift action.

Organizations using this plugin should remain vigilant and consider implementing additional security measures as they await a patch from the vendor.

Vulnerability Details

The iPaymu Payment Gateway for WooCommerce plugin is vulnerable to Missing Authentication due to the failure of validating webhook requests. The vulnerability is characterized by the CVE ID CVE-2026-0656 and is classified under CWE-862. The CVSS score for this vulnerability is 8.2, indicating a high severity level. The vulnerability was published on January 7, 2026.

Technical Analysis

The root cause of this vulnerability stems from the lack of proper authentication verification in the 'check_ipaymu_response' function. Attackers can exploit this flaw through crafted POST requests, allowing them to manipulate order statuses without legitimate payments.

The attack vector is network-based with low complexity, requiring no privileges or user interaction. The confidentiality impact is rated as high, as attackers can access sensitive customer information, while the integrity impact is low, as they can alter order statuses without affecting system availability.

Risk & Impact Analysis

Risk to organizations includes the potential for unauthorized access to sensitive customer data, including names and addresses. The vulnerability exposes a wide blast radius, as many WooCommerce installations may utilize the affected plugin. Organizations should assess their exposure and prioritize remediation based on the CVSS score.

Given the high-severity classification and the potential for exploitation, organizations are advised to address this vulnerability in their priority patch cycle.

Affected Versions

All versions up to, and including, 2.0.2 of the iPaymu Payment Gateway for WooCommerce plugin are affected by this vulnerability. Organizations should ensure they update to the latest version once available.

Mitigation & Remediation

Organizations should monitor for updates from the vendor and prioritize patching immediately. Implementing network controls and configuration hardening can provide additional layers of security while awaiting a patch. For comprehensive testing, organizations may consider engaging in penetration testing to identify further vulnerabilities.

Detection Guidance

Organizations should look for abnormal log entries that indicate unauthorized access attempts, particularly around the webhook endpoint. Monitoring for unusual order status changes or patterns in order processing can also help identify potential exploitation of this vulnerability.

AppSecure Threat Intelligence Insight

This vulnerability highlights the need for robust authentication measures in payment processing systems. As attackers continue to exploit weaknesses in authentication, organizations must reevaluate their security posture and implement comprehensive testing strategies. Engaging in penetration testing methodology and continuous security assessments will be crucial in safeguarding against similar vulnerabilities.

The evolving landscape of threats necessitates a proactive approach to security, particularly for plugins that handle sensitive customer data. Organizations should also consider implementing vulnerability management programs to ensure ongoing review and mitigation of potential risks.

Ultimately, mitigating this vulnerability requires a comprehensive strategy that includes patching, monitoring, and continuous improvement of security practices.