What is CVE-2026-7862?

CVE-2026-7862 is a high-severity vulnerability in Eupago Gateway For Woocommerce, classified under Improper Access Control. CVSS score: 8.6/10. Published 2026-05-28.

How severe is CVE-2026-7862?

High severity. CVSS v3 base score is 8.6 out of 10.

Vulnerability in Eupago Gateway For Woocommerce

CVE-2026-7862

The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's pay…

EPSS: 0.001 (18.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L.

Affected products

Unknown Eupago Gateway For Woocommerce — versions 0

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

contact@wpscan.com (technical-description, exploit, vdb-entry)

Frequently asked questions

What is CVE-2026-7862?: CVE-2026-7862 is a high-severity vulnerability in Eupago Gateway For Woocommerce, classified under Improper Access Control. CVSS score: 8.6/10. Published 2026-05-28.
How severe is CVE-2026-7862?: High severity. CVSS v3 base score is 8.6 out of 10.