CVE-2026-0692: CWE-862 Missing Authorization in bluesnap BlueSnap Payment Gateway for WooCommerce
The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.0. This is due to the plugin relying on WooCommerce's `WC_Geolocation::get_ip_address()` function to validate IPN requests, which trusts user-controllable headers like X-Real-IP and X-Forwarded-For to determine the client IP address. This makes it possible for unauthenticated attackers to bypass IP allowlist restrictions by spoofing a whitelisted BlueSnap IP address and send forged IPN (Instant Payment Notification) data to manipulate order statuses (mark orders as paid, failed, refunded, or on-hold) without proper authorization.
AI Analysis
Technical Summary
CVE-2026-0692 is a Missing Authorization vulnerability (CWE-862) in the BlueSnap Payment Gateway for WooCommerce plugin, affecting all versions up to and including 3.3.0. The plugin authorizes incoming IPN (Instant Payment Notification) requests by comparing the caller's IP address against an allowlist of BlueSnap addresses, but it obtains that address from WooCommerce's WC_Geolocation::get_ip_address(). That helper exists for geolocation, not for authorization: it prefers the X-Real-IP header, then the first entry of X-Forwarded-For, and only falls back to REMOTE_ADDR (the actual TCP peer) when neither header is present. Both headers are set by whoever sends the request unless a proxy in front of WordPress strips or rewrites them, so an unauthenticated attacker can put an allowlisted BlueSnap address in X-Real-IP and the plugin treats the request as coming from BlueSnap. A forged IPN payload can then move an order to paid, failed, refunded, or on-hold without any corresponding transaction at BlueSnap. The impact is on integrity only; confidentiality and availability are unaffected. The CVSS 3.1 base score is 7.5 (high): network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, high integrity impact. No patch or fixed version is linked on this page, and no in-the-wild exploitation had been reported as of publication. The underlying lesson is that client-supplied headers must never feed an authorization decision, and that IPN handling needs verification that is independent of the apparent source IP.
Potential Impact
This vulnerability lets an unauthenticated attacker change order statuses in any WooCommerce store running the BlueSnap plugin whose IPN endpoint is reachable from the internet, which it must be for BlueSnap's own notifications to arrive. The damage is to the integrity of order processing rather than to the payment itself: a forged IPN moves no money at BlueSnap, it changes what the store believes happened. Concretely, an attacker can mark an unpaid order as paid so that fulfilment proceeds without a settled payment; mark a paid order as failed or on-hold so that fulfilment stalls and support load rises; or mark an order as refunded so that the merchant's records show a refund that never occurred, with knock-on effects on accounting, inventory, and any automation keyed to order status. Because the request needs no credentials and no user interaction, exploitation is cheap to automate across many stores. Merchants face direct losses from fulfilling unpaid orders, disputes and chargebacks when their records diverge from actual settlements, and reputational harm. Data disclosure and denial of service are not direct consequences, but the vulnerability removes the store's ability to trust its own payment state, which every downstream business process depends on.
Mitigation Recommendations
Until a fixed plugin version is available, treat the IPN endpoint as unauthenticated and add controls that do not depend on the plugin's own IP check:
1) Do not derive any authorization decision from X-Real-IP or X-Forwarded-For. The only address the attacker cannot choose is REMOTE_ADDR, the TCP peer. If WordPress sits behind a reverse proxy or CDN, REMOTE_ADDR is the proxy, so honour X-Forwarded-For only when REMOTE_ADDR is one of your own proxies, and take the right-most hop that is not one of your proxies rather than the first entry.
2) Verify the IPN content, not just its source. Before changing an order, confirm the referenced transaction server-to-server with BlueSnap from your own code and credentials, and check that amount, currency, and merchant order reference match the order; if BlueSnap provides a signature or shared secret for IPN messages, verify that as well. A forged message then fails even when its apparent source IP is allowlisted.
3) Enforce the BlueSnap source allowlist where the real source address is visible: at the network firewall, load balancer, or reverse proxy, scoped to the IPN path. Keep it in sync with the addresses BlueSnap uses for IPNs.
4) Have the edge (CDN, load balancer, reverse proxy) overwrite X-Forwarded-For and X-Real-IP with the address it observed, so that no client-chosen value reaches PHP. A WAF rule that merely inspects these headers cannot tell a spoofed value from a genuine one.
5) Log every IPN request with REMOTE_ADDR, the proxy headers as received, the order ID, and the requested status transition; alert on transitions from addresses outside the allowlist, on status changes with no matching BlueSnap transaction, and on bursts of status changes across many orders.
6) Update the plugin as soon as the vendor publishes a fix. This page lists no fixed version, so check the plugin changelog and the Wordfence advisory for CVE-2026-0692.
7) Review other plugins and custom code for the same pattern (WC_Geolocation::get_ip_address() or raw HTTP_X_FORWARDED_FOR used in an access check) and make clear to developers that these values are acceptable for geolocation and analytics but never for authorization.
Together these make a spoofed header insufficient: the real source is checked where it is visible, and the message is verified against BlueSnap before it can change an order.
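The following PHP script is an added example, not code from the BlueSnap plugin or from WooCommerce. It models the header precedence that the Technical Summary attributes to WC_Geolocation::get_ip_address() (simplified: WooCommerce's sanitisation and IP validation of the first X-Forwarded-For entry are omitted) beside the peer-anchored resolver recommended in mitigation item 1, and runs both against three constructed requests. The allowlist entry and the trusted proxy address are placeholders from documentation ranges, not BlueSnap's real IPN sources or any real deployment.

```php
<?php
// Added example (not BlueSnap plugin or WooCommerce code): shows why an IP
// allowlist fed from proxy headers is bypassable, and a resolver that only
// honours X-Forwarded-For when the TCP peer is a proxy we operate.
// All addresses below are placeholders (RFC 5737 documentation ranges).

declare(strict_types=1);

/**
 * Simplified model of the precedence used by WC_Geolocation::get_ip_address():
 * X-Real-IP, then the first X-Forwarded-For hop, then REMOTE_ADDR.
 * Everything before REMOTE_ADDR is chosen by the sender unless an upstream
 * proxy strips or rewrites those headers.
 */
function geolocation_style_ip(array $server): string
{
    if (isset($server['HTTP_X_REAL_IP'])) {
        return trim($server['HTTP_X_REAL_IP']);
    }
    if (isset($server['HTTP_X_FORWARDED_FOR'])) {
        $hops = explode(',', $server['HTTP_X_FORWARDED_FOR']);
        return trim($hops[0]);
    }
    return $server['REMOTE_ADDR'] ?? '';
}

/**
 * Hardened resolver. Starts from REMOTE_ADDR, which the client cannot forge,
 * and walks X-Forwarded-For from the right only while each hop is one of our
 * own proxies. The first hop that is not ours is the real client. With no
 * trusted proxies configured, REMOTE_ADDR is returned unchanged and the
 * headers are ignored entirely (X-Real-IP is never consulted).
 */
function trusted_client_ip(array $server, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if ($peer === '' || !in_array($peer, $trustedProxies, true)) {
        return $peer; // Direct connection: proxy headers are untrusted.
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        $hop = $hops[$i];
        if ($hop === '' || filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // Malformed chain: fall back to the peer address.
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer; // Every hop was one of our proxies; treat the peer as the client.
}

function ipn_source_allowed(string $ip, array $allowlist): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP) !== false
        && in_array($ip, $allowlist, true);
}

// --- Constructed requests (placeholders, not real traffic) -----------------

$allowlist      = ['203.0.113.10']; // stands in for the gateway's IPN source
$trustedProxies = ['10.0.0.5'];     // stands in for our own reverse proxy

// Attacker connects directly and spoofs the allowlisted address in X-Real-IP.
$spoofedDirect = [
    'REMOTE_ADDR'    => '198.51.100.77',
    'HTTP_X_REAL_IP' => '203.0.113.10',
];
// Genuine IPN arriving through our proxy, which appended the real client.
$viaProxy = [
    'REMOTE_ADDR'          => '10.0.0.5',
    'HTTP_X_FORWARDED_FOR' => '203.0.113.10',
];
// Attacker behind our proxy prepends a fake hop; the proxy appends the true one.
$spoofedViaProxy = [
    'REMOTE_ADDR'          => '10.0.0.5',
    'HTTP_X_FORWARDED_FOR' => '203.0.113.10, 198.51.100.77',
];

$cases = [
    'spoofedDirect'   => $spoofedDirect,
    'viaProxy'        => $viaProxy,
    'spoofedViaProxy' => $spoofedViaProxy,
];
foreach ($cases as $name => $req) {
    $weak = geolocation_style_ip($req);
    $hard = trusted_client_ip($req, $trustedProxies);
    printf("%-16s header-based=%-15s allowed=%-4s | peer-based=%-15s allowed=%s\n",
        $name,
        $weak, ipn_source_allowed($weak, $allowlist) ? 'yes' : 'no',
        $hard, ipn_source_allowed($hard, $allowlist) ? 'yes' : 'no');
}
```

Run with `php` on the command line. The header-based resolver admits all three requests, including the two spoofed ones; the peer-based resolver admits only the genuine IPN, because a direct client's headers are ignored and, behind the proxy, the right-most hop that is not our proxy is the attacker's own address. Note that the hardened check is still only a source check: it narrows who can reach the handler, but the order should not change until the IPN content has been confirmed with BlueSnap as in mitigation item 2.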
Affected Countries
United States, United Kingdom, Canada, Australia, Germany, France, India, Brazil, Japan, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2026-01-07T20:56:45.998Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 698ffec8c9e1ff5ad85c71ee
Added to database: 2/14/2026, 4:49:12 AM
Last enriched: 2/21/2026, 10:06:50 PM
Last updated: 4/6/2026, 4:10:38 PM
Views: 81