CVE-2025-11890

HIGH

Crypto Payment Gateway with Payeer for WooCommerce <1.0.3 - Auth By...

Title source: llm

Description

The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a payments status through server-side validation though the /wc-api/bp-payeer-gateway-callback endpoint. This makes it possible for unauthenticated attackers to update unpaid order statuses to paid resulting in a loss of revenue.

References (2)

Core 2

Core References

Product

https://wordpress.org/plugins/crypto-payment-gateway-with-payeer-for-woocommerce/

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/43ca1393-637d-48e2-84f3-a06a4f0d83d1?source=cve

Scores

CVSS v3 7.5

EPSS 0.0025

EPSS Percentile 16.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (1)

beycanpress/Crypto Payment Gateway with Payeer for WooCommerce < 1.0.3

Published Nov 04, 2025

Tracked Since Feb 18, 2026