3 matches found
CVE-2025-6187
The WordPress bSecure plugin (versions 1.3.7–1.7.9 ) contains a privilege-escalation flaw in the order_info REST endpoint. The plugin registers the route /webhook/v2/order_info/ with a permission_callback that always returns true, effectively bypassing authentication . This lets unauthenticated a...
CVE-2025-6187 bSecure 1.3.7 - 1.7.9 - Missing Authorization to Unauthenticated Privilege Escalation via order_info REST Endpoint
The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its orderinfo REST endpoint in versions 1.3.7 through 1.7.9. The plugin registers the /webhook/v2/orderinfo/ route with a permissioncallback that always returns true, effectively bypassing a...
WordPress bSecure plugin 1.3.7-1.7.9 - Missing Authorization to Unauthenticated Privilege Escalation via order_info REST Endpoint
Missing Authorization to Unauthenticated Privilege Escalation via orderinfo REST Endpoint vulnerability discovered by kr0d in WordPress Plugin bSecure Your Universal Checkout versions 1.3.7-1.7.9...