exploitDog

CVE-2025-6729

Опубликовано: 04 июл. 2025

Источник: nvd

CVSS3: 6.4

EPSS Низкий

Описание

The PayMaster for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.4.31 via the 'wp_ajax_paym_status' AJAX action This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Ссылки

https://wordpress.org/plugins/woocommerce-paymaster-gateway-019/
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/2b9b501e-2ce7-43d8-bad2-6c3176eed8e2?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:qazomardok:paymaster_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 0.4.31 (включая)

EPSS

Процентиль: 10%

0.00034

Низкий

6.4 Medium

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-rg7m-27f9-6xr8

CVSS3: 6.4

github

7 месяцев назад

The PayMaster for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.4.31 via the 'wp_ajax_paym_status' AJAX action This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

EPSS

Процентиль: 10%

0.00034

Низкий

6.4 Medium

CVSS3

Дефекты

CWE-918