CVE-2025-7820

SKT · SKT PayPal for WooCommerce plugin for WordPress

A high-severity vulnerability has been identified in the SKT PayPal for WooCommerce plugin for WordPress, which could allow an attacker to bypass the payment process.

Executive summary

A high-severity vulnerability has been identified in the SKT PayPal for WooCommerce plugin for WordPress, which could allow an attacker to bypass the payment process. Successful exploitation of this flaw could enable malicious actors to complete transactions and receive goods or services without submitting valid payment, resulting in direct financial loss for the organization.

Vulnerability

The vulnerability is a payment bypass flaw within the plugin's transaction handling logic. An unauthenticated attacker can manipulate the data exchanged between the WooCommerce store and the PayPal payment gateway during the checkout process. By sending a crafted request or interfering with the payment confirmation callback, the attacker can trick the plugin into incorrectly marking an order as paid and complete, even when no funds have been transferred.
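To illustrate the vulnerability class described above (a confirmation handler that trusts client-reachable callback data instead of verifying the capture server-side), the following Python snippet is an added example and is not the plugin's code. The callback field names `payment_status`, `txn_id` and `custom`, and the `GATEWAY_RECORDS` dictionary standing in for a server-side query to the gateway, are assumptions; `weak_confirm` shows the bypass-prone pattern and `hardened_confirm` the checks a defender would expect before an order is marked paid.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional


@dataclass
class Order:
    """Constructed store-side view of an order awaiting payment."""
    order_id: str
    total: Decimal
    currency: str
    status: str = "pending"
    transaction_id: Optional[str] = None


# Assumption: stands in for a server-to-server lookup of the capture at the gateway.
# In a real integration this must be fetched from PayPal, never from the request.
GATEWAY_RECORDS = {
    "TXN-OK-001": {
        "amount": Decimal("49.99"),
        "currency": "USD",
        "status": "COMPLETED",
        "custom": "1001",  # assumed: the merchant's order id echoed back by the gateway
    },
}


def weak_confirm(order: Order, callback: dict) -> Order:
    """Bypass-prone pattern: the callback's own claim decides the order state."""
    if callback.get("payment_status") == "Completed":
        order.status = "completed"
        order.transaction_id = callback.get("txn_id")
    return order


def hardened_confirm(order: Order, callback: dict, gateway_lookup=GATEWAY_RECORDS.get) -> Order:
    """Marks the order paid only after the capture is verified at the gateway and
    the verified record matches this order's id, amount and currency."""
    if order.status == "completed":
        return order  # idempotent: a replayed callback changes nothing
    txn_id = callback.get("txn_id")
    record = gateway_lookup(txn_id) if txn_id else None
    if record is None or record["status"] != "COMPLETED":
        return order  # unknown or not-yet-captured transaction: stay pending
    if record["custom"] != order.order_id:
        return order  # a real capture, but for a different order
    if record["currency"] != order.currency or record["amount"] != order.total:
        return order  # underpaid or wrong currency
    order.status = "completed"
    order.transaction_id = txn_id
    return order
```

The hardened variant never reads `payment_status` at all: the only trusted source of truth is the gateway record, and the order id, amount and currency are compared against what the store itself recorded at checkout.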

Business impact

This vulnerability is rated as high severity with a CVSS score of 7.5 due to its direct impact on business operations and revenue. Exploitation leads to fraudulent orders, causing direct financial loss from uncompensated goods or services. This can also result in inventory management issues, wasted shipping costs, and potential reputational damage if the flaw is exploited at scale.

Remediation

Immediate Action: Update the SKT PayPal for WooCommerce plugin immediately to the latest version available (a version greater than 1). If the plugin is not critical to business operations, consider deactivating and removing it to eliminate the attack surface entirely.

Proactive Monitoring: Monitor web server access logs for unusual patterns or repeated failed requests to the payment confirmation endpoint. Regularly audit completed orders within WooCommerce and cross-reference them against confirmed payment transactions in the corresponding PayPal merchant account to identify any discrepancies.
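The two monitoring activities above (reconciling WooCommerce orders against the PayPal merchant account, and watching access logs for repeated failed requests to the payment confirmation endpoint) can be scripted. The following Python is an added example, not part of the advisory or the plugin: the order and transaction records and the log lines are constructed samples, and `CALLBACK_PATH` is a placeholder rather than the plugin's real endpoint.

```python
import re
from collections import Counter
from decimal import Decimal

# Constructed sample: orders as exported from WooCommerce.
ORDERS = [
    {"id": "2001", "status": "completed", "total": "49.99", "currency": "USD", "txn": "PP-A1"},
    {"id": "2002", "status": "completed", "total": "120.00", "currency": "USD", "txn": "PP-B2"},
    {"id": "2003", "status": "completed", "total": "15.00", "currency": "USD", "txn": None},
    {"id": "2004", "status": "processing", "total": "75.00", "currency": "USD", "txn": "PP-C3"},
    {"id": "2005", "status": "pending", "total": "30.00", "currency": "USD", "txn": None},
]

# Constructed sample: transactions as exported from the PayPal merchant account.
PAYPAL_TXNS = [
    {"txn": "PP-A1", "amount": "49.99", "currency": "USD", "status": "COMPLETED"},
    {"txn": "PP-B2", "amount": "12.00", "currency": "USD", "status": "COMPLETED"},
    {"txn": "PP-C3", "amount": "75.00", "currency": "USD", "status": "PENDING"},
]

# WooCommerce statuses that imply the store believes it was paid.
PAID_STATUSES = {"completed", "processing"}


def reconcile(orders, txns):
    """Return (order_id, reason) for every order the store treats as paid that has
    no completed PayPal transaction of the same amount and currency behind it."""
    by_txn = {t["txn"]: t for t in txns}
    findings = []
    for o in orders:
        if o["status"] not in PAID_STATUSES:
            continue
        t = by_txn.get(o["txn"]) if o["txn"] else None
        if t is None:
            findings.append((o["id"], "no matching PayPal transaction"))
        elif t["status"] != "COMPLETED":
            findings.append((o["id"], f"transaction status {t['status']}"))
        elif t["currency"] != o["currency"] or Decimal(t["amount"]) != Decimal(o["total"]):
            findings.append((o["id"], f"amount mismatch: order {o['total']} {o['currency']} "
                                      f"vs paid {t['amount']} {t['currency']}"))
    return findings


# Placeholder path; substitute the gateway's actual callback URL from the plugin.
CALLBACK_PATH = "/wc-api/PLACEHOLDER_PAYPAL_CALLBACK"

# Constructed sample access-log lines in Combined Log Format.
LOG_LINES = """\
203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "POST /wc-api/PLACEHOLDER_PAYPAL_CALLBACK HTTP/1.1" 400 12 "-" "curl/8.0"
203.0.113.5 - - [10/Jan/2025:10:00:02 +0000] "POST /wc-api/PLACEHOLDER_PAYPAL_CALLBACK HTTP/1.1" 400 12 "-" "curl/8.0"
203.0.113.5 - - [10/Jan/2025:10:00:03 +0000] "POST /wc-api/PLACEHOLDER_PAYPAL_CALLBACK HTTP/1.1" 403 12 "-" "curl/8.0"
198.51.100.7 - - [10/Jan/2025:10:05:00 +0000] "POST /wc-api/PLACEHOLDER_PAYPAL_CALLBACK HTTP/1.1" 200 2 "-" "PayPal IPN"
192.0.2.9 - - [10/Jan/2025:10:06:00 +0000] "GET /shop/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def suspicious_callback_sources(lines, threshold=3):
    """Count failed (4xx/5xx) requests to the callback path per source IP and
    return the sources at or above the threshold, most active first."""
    failed = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, path, status = m.groups()
        if path == CALLBACK_PATH and int(status) >= 400:
            failed[ip] += 1
    return [(ip, n) for ip, n in failed.most_common() if n >= threshold]


if __name__ == "__main__":
    for order_id, reason in reconcile(ORDERS, PAYPAL_TXNS):
        print(f"order {order_id}: {reason}")
    for ip, n in suspicious_callback_sources(LOG_LINES.splitlines()):
        print(f"{ip}: {n} failed callback requests")
```

Reconciliation should run over the same date range on both sides and treat an underpaid order as seriously as an unpaid one, since a bypass that alters the amount produces a real but insufficient transaction. The log check only flags volume of failures; a single successful forged callback would not trip it, which is why the order reconciliation is the primary control.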

Compensating Controls: If patching is not immediately possible, temporarily disable the SKT PayPal payment option at checkout. Implement a manual order verification process where every order is cross-referenced with a confirmed payment receipt in the PayPal account before fulfillment. A Web Application Firewall (WAF) may be configured with custom rules to inspect and block malicious transaction-altering requests, if the specific exploit pattern is known.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high severity (CVSS 7.5) and the risk of direct financial loss, it is strongly recommended that organizations immediately apply the necessary updates to the affected SKT PayPal for WooCommerce plugin. A post-remediation audit of recent transactions processed through this gateway should be conducted to identify and investigate any potentially fraudulent orders. While there is no evidence of active exploitation, the simplicity and direct impact of a payment bypass vulnerability make it a prime target for opportunistic attackers.