{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T14:48:48.876","vulnerabilities":[{"cve":{"id":"CVE-2025-15511","sourceIdentifier":"security@wordfence.com","published":"2026-01-28T12:15:50.213","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_webhook() function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to modify WooCommerce order statuses by sending crafted requests to the WooCommerce API endpoint."},{"lang":"es","value":"El plugin Rupantorpay para WordPress es vulnerable a la modificación no autorizada de datos debido a una falta de verificación de capacidad en la función handle_webhook() en todas las versiones hasta la 2.0.0, inclusive. Esto permite que atacantes no autenticados modifiquen los estados de los pedidos de WooCommerce enviando solicitudes manipuladas al endpoint de la API de WooCommerce."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/rupantorpay/tags/2.0.0/includes/class-wc-rupantorpay-gateway.php#L172","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1b21bdfd-42ec-43fe-b581-04276b86c50b?source=cve","source":"security@wordfence.com"}]}}]}