Crypto Payment Gateway with Payeer for WooCommerce

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Description

The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payments status through server-side validation though the /wc-api/bp-payeer-gateway-callback endpoint. This makes it possible for unauthenticated attackers to update unpaid order statuses to paid resulting in a loss of revenue.

Basic Information

ID CVE-2025-11890

Source Wordfence

Published Nov 4, 2025 at 04:27

Affected Product

Vendor beycanpress

Product Crypto Payment Gateway with Payeer for WooCommerce

Version *

Affected Versions beycanpress Crypto Payment Gateway with Payeer for WooCommerce *

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payments status through server-side validation though the /wc-api/bp-payeer-gateway-callback endpoint. This makes it possible for unauthenticated attackers to update unpaid order statuses to paid resulting in a loss of revenue.",
    "published": "2025-11-04T04:27:16.569Z",
    "modified": "2025-11-04T04:27:16.569Z",
    "type": "cve",
    "title": "Crypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment Bypass",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43ca1393-637d-48e2-84f3-a06a4f0d83d1?source=cve\nhttps://wordpress.org/plugins/crypto-payment-gateway-with-payeer-for-woocommerce/",
    "id": "CVE-2025-11890",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "beycanpress Crypto Payment Gateway with Payeer for WooCommerce *",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Crypto Payment Gateway with Payeer for WooCommerce",
    "version": "*",
    "vendor": "beycanpress",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Crypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment Bypass_CVE-2025-11890