9 matches found
EUVD-2025-22299
Malicious code in bioql PyPI...
WordPress bSecure plugin elevation of privilege vulnerability
WordPress bSecure plugin is a plugin used to enhance the security of the website, mainly for the payment page of GiveWP to provide security features. An elevation of privilege vulnerability exists in the WordPress bSecure plugin, which stems from a lack of authorization in the order_info REST...
CVE-2025-6187
The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in versions 1.3.7 through 1.7.9. The plugin registers the /webhook/v2/order_info/ route with a permission_callback that always returns true, effectively bypassing a...
CVE-2025-6187
The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in versions 1.3.7 through 1.7.9. The plugin registers the /webhook/v2/order_info/ route with a permission_callback that always returns true, effectively bypassing a...
CVE-2025-6187
The WordPress bSecure plugin (versions 1.3.7–1.7.9) contains a privilege-escalation flaw in the order_info REST endpoint. The plugin registers the route /webhook/v2/order_info/ with a permission_callback that always returns true, effectively bypassing authentication. This lets unauthenticated a...
CVE-2025-6187 bSecure 1.3.7 - 1.7.9 - Missing Authorization to Unauthenticated Privilege Escalation via order_info REST Endpoint
The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in versions 1.3.7 through 1.7.9. The plugin registers the /webhook/v2/order_info/ route with a permission_callback that always returns true, effectively bypassing a...
PT-2025-30386 · WordPress · Bsecure
Name of the Vulnerable Software and Affected Versions: bSecure plugin for WordPress versions 1.3.7 through 1.7.9
Description: The plugin is susceptible to privilege escalation due to a missing authorization check within the order_info REST endpoint. The /webhook/v2/order_info/ route’s permission...
CVE-2025-52830 WordPress bSecure – Your Universal Checkout plugin <= 1.7.9 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bSecure – Your Universal Checkout bSecure – Your Universal Checkout bsecure allows Blind SQL Injection. This issue affects bSecure – Your Universal Checkout: from n/a through <= 1.7.9...
WordPress plugin bSecure – Your Universal Checkout SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exist...