Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2

Critical0

High1

Medium1

Search Severity Year Type Sort Order

Reset

Showing 1-2 of 2 records

Threat Entry Updated 2026-01-14

CVE-2025-15475 - Payhere Payment Gateway Plugin

The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to an improper validation logic in the check_payhere_response function in all versions up to, and including, 2.3.9. This makes it possible for unauthenticated attackers to change the status of pending WooCommerce orders to paid/completed/on hold.

PLUGIN Payhere Payment Gateway

CVE-2025-15475

MEDIUM CVSS 5.3 2026-01-14

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-05-13

CVE-2023-6064 - Payhere Payment Gateway Plugin

The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur.

PLUGIN Payhere Payment Gateway

CVE-2023-6064

HIGH CVSS 7.5 2024-01-01

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2025-15475 - Payhere Payment Gateway Plugin

CVE-2023-6064 - Payhere Payment Gateway Plugin

Company Links

Contact Us