CVE-2025-15400
Authorization Bypass in Pix para WooCommerce Plugin Allows Payment Disruption
Publication date: 2026-02-11
Last updated on: 2026-04-02
Assigner: WPScan
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openpix | openpix-for-woocommerce | up to and including 2.13.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15400 affects the WordPress plugin "openpix-for-woocommerce" in versions up to 2.13.3. It allows any authenticated user, including those with low privileges such as subscribers, to trigger AJAX actions that reset the payment gateway configuration options without proper capability or nonce verification.

This means that attackers can clear critical settings like API credentials and webhook statuses by sending crafted requests, causing persistent disruption of the OpenPix payment functionality.

The vulnerability is classified as a Broken Access Control issue (OWASP A5) and corresponds to CWE-862 (Missing Authorization). [1]
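To make the CWE-862 point concrete, here is an added illustration of how a WordPress AJAX handler that resets gateway settings should be guarded. This is example code written for this page, not the plugin's own code or its fix; the action name, option keys, nonce name and script handle are all hypothetical. The two checks it adds, a nonce check and a capability check, are exactly the two the description above says were missing, and they serve different purposes: the nonce only proves the request came from a page WordPress rendered for that user, while `current_user_can()` is the actual authorization decision.

```php
<?php
// Added illustration (not the plugin's own code): a WordPress AJAX handler that
// resets a payment gateway's settings, guarded the way CWE-862 requires.
// All names below (action, option keys, nonce name, script handle) are hypothetical.

add_action( 'wp_ajax_example_reset_gateway', 'example_reset_gateway_settings' );

function example_reset_gateway_settings() {
    // 1. Nonce check: proves the request originated from a page we rendered for
    //    this user, which blocks cross-site request forgery. On failure
    //    check_ajax_referer() terminates the request with -1 and HTTP 403.
    //    A nonce is NOT an authorization check: any logged-in user who can
    //    obtain one would still pass this line, so step 2 is still required.
    check_ajax_referer( 'example_reset_gateway_nonce', 'security' );

    // 2. Capability check: only store managers may alter payment configuration.
    //    A bare wp_ajax_* hook fires for ANY logged-in user, subscribers included,
    //    so this is the line whose absence constitutes CWE-862.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Only after both checks pass do we change persistent state.
    delete_option( 'example_gateway_api_credentials' );
    update_option( 'example_gateway_webhook_status', 'disconnected' );

    wp_send_json_success( array( 'reset' => true ) );
}

// The admin page that offers the reset button must embed a matching nonce so the
// browser can send it back as the 'security' field of the AJAX request. The
// 'example-admin' script handle is assumed to have been registered elsewhere.
function example_enqueue_reset_script() {
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        return; // Do not even hand the nonce to users who may not use it.
    }
    wp_localize_script( 'example-admin', 'exampleReset', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_reset_gateway_nonce' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_reset_script' );
```

Note the order: `check_ajax_referer()` runs first because a failed nonce aborts immediately, but the capability check is the control that decides who may reset the gateway. Removing either line reintroduces a defect; removing only the capability check reproduces the class of weakness this CVE describes, since every logged-in role can reach a `wp_ajax_*` hook.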
How can this vulnerability impact me?
This vulnerability can cause persistent disruption of the OpenPix payment functionality on WooCommerce sites using the affected plugin.
An attacker with any authenticated user role can reset payment gateway settings, including clearing API credentials and webhook statuses, which may lead to payment failures and loss of revenue.
Since the attacker does not need administrative privileges, even low-privileged users can cause significant operational impact.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether the OpenPix payment gateway configuration options in WooCommerce have been reset unexpectedly, such as cleared API credentials and webhook statuses.

To detect exploitation attempts on your system, you can monitor for POST requests to the WordPress AJAX endpoint with the action parameter set to 'openpix_prepare_oneclick'.

An example command to detect such requests in web server logs might be:

```sh
grep 'admin-ajax.php' /var/log/apache2/access.log | grep 'action=openpix_prepare_oneclick'
```

Additionally, verifying the WooCommerce payment settings for cleared or missing OpenPix configuration details can confirm whether the vulnerability has been exploited. [1]
What immediate steps should I take to mitigate this vulnerability?
Currently, no fix is known for this vulnerability.

Immediate mitigation steps include restricting the authenticated user roles that can access the WordPress AJAX endpoint, or limiting the ability of low-privileged users such as subscribers to trigger AJAX actions.

Monitoring and alerting on suspicious POST requests to 'admin-ajax.php' with the action 'openpix_prepare_oneclick' can help detect exploitation attempts early.

As a precaution, consider temporarily disabling the OpenPix Pix payment gateway or restricting access to trusted users until a patch or update is released. [1]