OpenPix

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Description

The Pix para Woocommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. This permits any authenticated users, such as subscribers to clear API credentials and webhook status, causing persistent disruption of OpenPix payment functionality.

Basic Information

ID CVE-2025-15400

Source WPScan

Published Feb 11, 2026 at 06:00

Modified Feb 11, 2026 at 16:01

Affected Product

Vendor Unknown

Product Pix para Woocommerce

Affected Versions Unknown Pix para Woocommerce 0

CWE Classification

CWE-862

References

wpscan.com /vulnerability/54c1251f-96be-4d70-b773-3db26b599838/

{
    "lastseen": "",
    "description": "The Pix para Woocommerce  WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. This permits any authenticated users, such as subscribers to clear API credentials and webhook status, causing persistent disruption of OpenPix payment functionality.",
    "published": "2026-02-11T06:00:03.772Z",
    "modified": "2026-02-11T16:01:40.892Z",
    "type": "cve",
    "title": "OpenPix <= 2.13.3 - Subscriber+ Payment Gateway Settings Reset",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/54c1251f-96be-4d70-b773-3db26b599838/",
    "id": "CVE-2025-15400",
    "bulletinFamily": "",
    "cwe": [
        "",
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "Unknown Pix para Woocommerce 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pix para Woocommerce",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

OpenPix <= 2.13.3 - Subscriber+ Payment Gateway Settings Reset_CVE-2025-15400