CVE-2025-7820
SKT PayPal for WooCommerce <= 1.4 - Unauthenticated Payment Bypass
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only enforcing client side controls instead of server-side controls when processing payments. This makes it possible for unauthenticated attackers to make confirmed purchases without actually paying for them.
| CWE | CWE-602 |
| Vendor | sonalsinha21 |
| Product | skt paypal for woocommerce |
| Published | Nov 27, 2025 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for sonalsinha21 skt paypal for woocommerce
Be the first to know when new high vulnerabilities affecting sonalsinha21 skt paypal for woocommerce are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
sonalsinha21 / SKT PayPal for WooCommerce
0 โค 1.4
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/1a67b1b3-eb39-4e9a-ba44-ea637fc3bba1?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3403118%40skt-paypal-for-woocommerce&new=3403118%40skt-paypal-for-woocommerce&sfp_email=&sfph_mail=
Credits
ch4r0n