cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forbsecure bsecure

Direction: ascending
Jul 05, 2025

bSecure – Your Universal Checkout # CVE-2025-52830

CVE, Research URL

CVE-2025-52830

Date
Jul 04, 2025
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bsecuretech bSecure – Your Universal Checkout allows Blind SQL Injection. This issue affects bSecure – Your Universal Checkout: from n/a through 1.7.9.
Affected versions
Min -, max -.
Status
vulnerable
Jul 23, 2025

bSecure – Your Universal Checkout # CVE-2025-6187

CVE, Research URL

CVE-2025-6187

Date
Jul 22, 2025
Research Description
The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in versions 1.3.7 through 1.7.9. The plugin registers the /webhook/v2/order_info/ route with a permission_callback that always returns true, effectively bypassing all authentication. This makes it possible for unauthenticated attackers who know any user’s email to obtain a valid login cookie and fully impersonate that account.
Affected versions
Min -, max -.
Status
vulnerable