Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-15400 affects the WordPress plugin "openpix-for-woocommerce" versions up to 2.13.3. It allows any authenticated user, including those with low privileges such as subscribers, to trigger AJAX actions that reset the payment gateway configuration options without proper capability or nonce verification.'}, {'type': 'paragraph', 'content': 'This means that attackers can clear critical settings like API credentials and webhook statuses by sending crafted requests, causing persistent disruption of the OpenPix payment functionality.'}, {'type': 'paragraph', 'content': 'The vulnerability is classified as a Broken Access Control issue (OWASP A5) and corresponds to CWE-862 (Missing Authorization).'}] [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can cause persistent disruption of the OpenPix payment functionality on WooCommerce sites using the affected plugin.

An attacker with any authenticated user role can reset payment gateway settings, including clearing API credentials and webhook statuses, which may lead to payment failures and loss of revenue.

Since the attacker does not need administrative privileges, even low-privileged users can cause significant operational impact.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if the OpenPix payment gateway configuration options in WooCommerce have been reset unexpectedly, such as cleared API credentials and webhook statuses.'}, {'type': 'paragraph', 'content': "To detect exploitation attempts on your system, you can monitor for POST requests to the WordPress AJAX endpoint with the action parameter set to 'openpix_prepare_oneclick'."}, {'type': 'paragraph', 'content': 'An example command to detect such requests in web server logs might be:'}, {'type': 'list_item', 'content': "grep 'admin-ajax.php' /var/log/apache2/access.log | grep 'action=openpix_prepare_oneclick'"}, {'type': 'paragraph', 'content': 'Additionally, verifying the WooCommerce payment settings for cleared or missing OpenPix configuration details can confirm if the vulnerability has been exploited.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Currently, no fix is known for this vulnerability.'}, {'type': 'paragraph', 'content': 'Immediate mitigation steps include restricting authenticated user roles that can access the WordPress AJAX endpoint or limiting the ability of low-privileged users such as subscribers to trigger AJAX actions.'}, {'type': 'paragraph', 'content': "Monitoring and alerting on suspicious POST requests to 'admin-ajax.php' with the action 'openpix_prepare_oneclick' can help detect exploitation attempts early."}, {'type': 'paragraph', 'content': 'As a precaution, consider temporarily disabling the OpenPix Pix payment gateway or restricting access to trusted users until a patch or update is released.'}] [1]

Useful 0 Not Useful 0