CVE-2025-14843
Wizit Gateway for WooCommerce <= 1.2.9 - Missing Authentication to Unauthenticated Arbitrary Order Cancellation
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
24 Jan 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Order Cancellation in all versions up to, and including, 1.2.9. This is due to a lack of authentication and authorization checks in the 'handle_checkout_redirecturl_response' function. This makes it possible for unauthenticated attackers to cancel arbitrary WooCommerce orders by sending a crafted request with a valid order ID.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected products
wizit · Wizit Gateway for WooCommerceWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →