{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6187", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-16T20:18:57.785Z", "datePublished": "2025-07-22T09:22:44.548Z", "dateUpdated": "2025-07-22T20:04:06.430Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-07-22T09:22:44.548Z"}, "affected": [{"vendor": "bsecuretech", "product": "bSecure \u2013 Your Universal Checkout", "versions": [{"version": "1.3.7", "status": "affected", "lessThanOrEqual": "1.7.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in versions 1.3.7 through 1.7.9. The plugin registers the /webhook/v2/order_info/ route with a permission_callback that always returns true, effectively bypassing all authentication. This makes it possible for unauthenticated attackers who know any user\u2019s email to obtain a valid login cookie and fully impersonate that account."}], "title": "bSecure 1.3.7 - 1.7.9 - Missing Authorization to Unauthenticated Privilege Escalation via order_info REST Endpoint", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f8f51029-0748-4943-b0ef-fc822b14614a?source=cve"}, {"url": "https://wordpress.org/plugins/bsecure/#developers"}, {"url": "https://plugins.trac.wordpress.org/browser/bsecure/tags/1.7.9/includes/class-bsecure-checkout.php"}, {"url": "https://plugins.trac.wordpress.org/browser/bsecure/tags/1.7.9/includes/class-wc-bsecure.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "timeline": [{"time": "2025-07-21T20:53:31.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-22T20:03:56.570904Z", "id": "CVE-2025-6187", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-22T20:04:06.430Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6187", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-22T20:03:56.570904Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-22T20:04:02.172Z"}}], "cna": {"title": "bSecure 1.3.7 - 1.7.9 - Missing Authorization to Unauthenticated Privilege Escalation via order_info REST Endpoint", "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "bsecuretech", "product": "bSecure \u2013 Your Universal Checkout", "versions": [{"status": "affected", "version": "1.3.7", "versionType": "semver", "lessThanOrEqual": "1.7.9"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-21T20:53:31.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f8f51029-0748-4943-b0ef-fc822b14614a?source=cve"}, {"url": "https://wordpress.org/plugins/bsecure/#developers"}, {"url": "https://plugins.trac.wordpress.org/browser/bsecure/tags/1.7.9/includes/class-bsecure-checkout.php"}, {"url": "https://plugins.trac.wordpress.org/browser/bsecure/tags/1.7.9/includes/class-wc-bsecure.php"}], "descriptions": [{"lang": "en", "value": "The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in versions 1.3.7 through 1.7.9. The plugin registers the /webhook/v2/order_info/ route with a permission_callback that always returns true, effectively bypassing all authentication. This makes it possible for unauthenticated attackers who know any user\u2019s email to obtain a valid login cookie and fully impersonate that account."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-07-22T09:22:44.548Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6187", "state": "PUBLISHED", "dateUpdated": "2025-07-22T20:04:06.430Z", "dateReserved": "2025-06-16T20:18:57.785Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-22T09:22:44.548Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in versions 1.3.7 through 1.7.9. The plugin registers the /webhook/v2/order_info/ route with a permission_callback that always returns true, effectively bypassing all authentication. This makes it possible for unauthenticated attackers who know any user\u2019s email to obtain a valid login cookie and fully impersonate that account."}, {"lang": "es", "value": "El complemento bSecure para WordPress es vulnerable a la escalada de privilegios debido a la falta de autorizaci\u00f3n en su endpoint REST order_info en las versiones 1.3.7 a 1.7.9. El complemento registra la ruta /webhook/v2/order_info/ con un permission_callback que siempre devuelve verdadero, omitiendo as\u00ed toda autenticaci\u00f3n. Esto permite que atacantes no autenticados que conozcan el correo electr\u00f3nico de cualquier usuario obtengan una cookie de inicio de sesi\u00f3n v\u00e1lida y suplanten esa cuenta."}], "id": "CVE-2025-6187", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-22T10:15:25.607", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/bsecure/tags/1.7.9/includes/class-bsecure-checkout.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/bsecure/tags/1.7.9/includes/class-wc-bsecure.php"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/bsecure/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f8f51029-0748-4943-b0ef-fc822b14614a?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"created": "2025-07-23T20:19:27.909269+00:00", "updated": "2025-07-23T20:19:27.909343+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}