Vulnerabilities and security researches forbsecure bsecure

Jul 05, 2025

CVE, Research URL: CVE-2025-52830
Home page URL: Security reports for bSecure – Your Universal Checkout
Application: bSecure – Your Universal Checkout
Date: Jul 04, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bsecuretech bSecure – Your Universal Checkout allows Blind SQL Injection. This issue affects bSecure – Your Universal Checkout: from n/a through 1.7.9.
Affected versions: Min -, max -.
Status: vulnerable

Jul 23, 2025

CVE, Research URL: CVE-2025-6187
Home page URL: Security reports for bSecure – Your Universal Checkout
Application: bSecure – Your Universal Checkout
Date: Jul 22, 2025
Research Description: The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in versions 1.3.7 through 1.7.9. The plugin registers the /webhook/v2/order_info/ route with a permission_callback that always returns true, effectively bypassing all authentication. This makes it possible for unauthenticated attackers who know any user’s email to obtain a valid login cookie and fully impersonate that account.
Affected versions: Min -, max -.
Status: vulnerable