## Critical Vulnerability Information

### Vulnerability Summary

- **CVE**: CVE-2026-2592
- **CVSS**: 7.7 (High)
- **CVSS v3.1 Vector**: 3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H

### Description

The Zarinpal Gateway for WooCommerce plugin contains an improper access control vulnerability that could allow unauthorized attackers to change the payment status of orders without actually paying for them. The root cause is that the `Return_from_ZarinPal_Gateway` payment callback handler does not verify that the authorization token supplied in the callback URL belongs to the specific order it is about to mark as paid.

### Reference Links

- [plugins.trac.wordpress.org](https://plugins.trac.wordpress.org)

### Vulnerability Details

- **Software Type**: Plugin
- **Software Slug**: zarinpal-woocommerce-payment-gateway ([View](https://wordpress.org/plugins/zarinpal-woocommerce-payment-gateway/))
- **Fixed**: Yes
- **Remediation**: Upgrade to version 5.0.17 or higher
- **Affected Versions**: <= 5.0.16
- **Fixed Version**: 5.0.17
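As an added hardening example (not the plugin's own code), the check the Description says was missing, written as a WooCommerce-style callback handler: the token in the callback URL is compared against the token stored for that order, and only a still-unpaid order is completed. The function name, the `_zp_example_authority` meta key, the `Authority`/`Status` query parameters and the `$verify` callable are assumptions made for this example.

```php
<?php
// Added example, not code from the Zarinpal Gateway for WooCommerce plugin.
// A ZarinPal-style callback (?Authority=...&Status=OK) must only complete the
// order whose stored Authority matches the one in the URL, and only while that
// order still awaits payment. Function, meta key and $verify are hypothetical.

function zp_example_handle_callback(WC_Order $order, array $query, callable $verify): bool
{
    $authority = isset($query['Authority']) ? (string) $query['Authority'] : '';
    $status    = isset($query['Status']) ? (string) $query['Status'] : '';

    // The gateway reports a cancelled or failed attempt with Status=NOK.
    if ($status !== 'OK' || $authority === '') {
        $order->update_status('failed', 'ZarinPal callback without Status=OK.');
        return false;
    }

    // 1. Never re-process an order that is already paid, cancelled or refunded.
    if (!$order->needs_payment()) {
        $order->add_order_note('Callback ignored: order no longer awaits payment.');
        return false;
    }

    // 2. Bind the token to THIS order: the Authority must equal the value saved
    //    on the order when the payment request was created. This is the check
    //    the advisory describes as missing.
    $expected = (string) $order->get_meta('_zp_example_authority', true);
    if ($expected === '' || !hash_equals($expected, $authority)) {
        $order->add_order_note('Callback rejected: Authority does not belong to this order.');
        return false;
    }

    // 3. Confirm server-side with the gateway that this Authority was paid for
    //    the full order amount; $verify wraps that API call and returns the
    //    gateway reference id, or null when verification fails.
    $ref_id = $verify($authority, (int) round((float) $order->get_total()));
    if ($ref_id === null) {
        $order->update_status('failed', 'ZarinPal verification failed.');
        return false;
    }

    $order->payment_complete((string) $ref_id);
    $order->add_order_note(sprintf('ZarinPal payment verified. RefID: %s', $ref_id));
    return true;
}
```

For detection, order notes like the ones written above give site owners a record of callbacks that arrived with a token belonging to a different order, which is the pattern a fixed version should reject.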