Vulnerabilities and security researches forbsecure bsecure
Direction: ascendingJul 05, 2025
bSecure – Your Universal Checkout # CVE-2025-52830
- CVE, Research URL
- Application
- Date
- Jul 04, 2025
- Research Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bsecuretech bSecure – Your Universal Checkout allows Blind SQL Injection. This issue affects bSecure – Your Universal Checkout: from n/a through 1.7.9.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jul 23, 2025
bSecure – Your Universal Checkout # CVE-2025-6187
- CVE, Research URL
- Application
- Date
- Jul 22, 2025
- Research Description
- The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in versions 1.3.7 through 1.7.9. The plugin registers the /webhook/v2/order_info/ route with a permission_callback that always returns true, effectively bypassing all authentication. This makes it possible for unauthenticated attackers who know any user’s email to obtain a valid login cookie and fully impersonate that account.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable