Razorpay for WooCommerce: Incorrect Configuration Allows Unauthorized Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Razorpay for WooCommerce: Incorrect Configuration Allows Unauthorized Access

CVE-2026-39656

Summary

A security weakness in Razorpay for WooCommerce allows unauthorized users to access sensitive areas of the plugin if access control settings are not properly configured. This could allow malicious users to make unauthorized changes to the plugin's settings or access sensitive customer information. To fix this, update Razorpay for WooCommerce to version 4.8.3 or later.

Original title

Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay for WooComm...

Original description

Vulnerability type

CWE-862 Missing Authorization

https://patchstack.com/database/Wordpress/Plugin/woo-razorpay/vulnerability/word...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026