{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-67969", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-15T10:00:28.856Z", "datePublished": "2026-02-20T15:46:28.574Z", "dateUpdated": "2026-04-29T09:51:55.945Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "upi-qr-code-payment-for-woocommerce", "product": "UPI QR Code Payment Gateway for WooCommerce", "vendor": "knitpay", "versions": [{"changes": [{"at": "1.6.1", "status": "unaffected"}], "lessThanOrEqual": "1.5.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "NumeX | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:02:30.429Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects UPI QR Code Payment Gateway for WooCommerce: from n/a through <= 1.5.1.</p>"}], "value": "Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UPI QR Code Payment Gateway for WooCommerce: from n/a through <= 1.5.1."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:55.945Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/upi-qr-code-payment-for-woocommerce/vulnerability/wordpress-upi-qr-code-payment-gateway-for-woocommerce-plugin-1-5-1-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.5.1 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-02-25T21:04:16.404068Z", "id": "CVE-2025-67969", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T21:05:43.866Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-67969", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-25T21:04:16.404068Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T21:03:32.580Z"}}], "cna": {"title": "WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.5.1 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "NumeX | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "knitpay", "product": "UPI QR Code Payment Gateway for WooCommerce", "versions": [{"status": "affected", "changes": [{"at": "1.6.1", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "<= 1.5.1"}], "packageName": "upi-qr-code-payment-for-woocommerce", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-02-20T16:44:01.639Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/upi-qr-code-payment-for-woocommerce/vulnerability/wordpress-upi-qr-code-payment-gateway-for-woocommerce-plugin-1-5-1-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UPI QR Code Payment Gateway for WooCommerce: from n/a through <= 1.5.1.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects UPI QR Code Payment Gateway for WooCommerce: from n/a through <= 1.5.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-02-20T15:46:28.574Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67969", "state": "PUBLISHED", "dateUpdated": "2026-02-25T21:05:43.866Z", "dateReserved": "2025-12-15T10:00:28.856Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-02-20T15:46:28.574Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UPI QR Code Payment Gateway for WooCommerce: from n/a through <= 1.5.1."}, {"lang": "es", "value": "Vulnerabilidad de Falta de Autorizaci\u00f3n en knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce permite Explotar Niveles de Seguridad de Control de Acceso Mal Configurados. Este problema afecta a UPI QR Code Payment Gateway for WooCommerce: desde n/a hasta &lt;= 1.5.1."}], "id": "CVE-2025-67969", "lastModified": "2026-04-29T10:16:52.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-20T16:22:03.017", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/upi-qr-code-payment-for-woocommerce/vulnerability/wordpress-upi-qr-code-payment-gateway-for-woocommerce-plugin-1-5-1-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.5.1]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[1.6.1,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "upi_qr_code_payment_gateway_for_woocommerce", "vendor": "knitpay"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-28T09:40:18.801658+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest version of the Knitpay UPI QR Code Payment Gateway plugin that includes the access control fix.", "Enforce strict role\u2011based access control to ensure that only authorized administrators can view or modify the plugin\u2019s settings and transaction data.", "If the plugin is not essential, disable or uninstall it to eliminate the vulnerability."], "summary": {"action": "Patch", "impact": "Broken Access Control"}, "threat_synthesis": {"affected_systems": "The flaw affects the Knitpay UPI QR Code Payment Gateway for WooCommerce plugin through version 1.5.1, inclusive of all earlier releases. Sites running this plugin are at risk regardless of the broader WordPress installation.", "description_and_impact": "The vulnerability is a missing authorization flaw that permits exploitation of incorrectly configured access control security levels within the Knitpay UPI QR Code Payment Gateway for WooCommerce plugin. The flaw allows an attacker to bypass normal permission checks, potentially modifying or retrieving sensitive data, or performing unintended actions on the e\u2011commerce site. The weakness is a classic Broken Access Control issue (CWE-862).", "risk_and_exploitability": "Based on the description, it is inferred that the likely attack vector is via the plugin's administrative interface where no proper authentication is enforced; an attacker who can reach the site could trigger unauthorized actions without needing elevated credentials. The CVSS score is 6.5, indicating a medium severity level. The EPSS score is below 1\u202f%, suggesting a low likelihood of exploitation in the wild at present. It is not listed in CISA's KEV catalog, so there is no current evidence of active exploitation."}}}}, "created": "2026-02-23T14:46:29.495332+00:00", "updated": "2026-04-28T09:45:28.456331+00:00", "vendors": ["knitpay", "knitpay$PRODUCT$upi_qr_code_payment_gateway_for_woocommerce", "wordpress", "wordpress$PRODUCT$wordpress"]}