The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_update_order_status' AJAX endpoint in all versions up to, and including, 0.3.8. This makes it possible for unauthenticated attackers to update order statuses.
GHSA-fcvm-3w6m-5wpr: The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a...
The Payaza WordPress plugin versions up to 0.3.8 has a vulnerability allowing unauthenticated attackers to modify order statuses due to a missing capability check.