Vulnerabilities and security researches forwoocommerce-paymaster-gateway-019 woocommerce-paymaster-gateway-019

Jul 05, 2025

CVE, Research URL: CVE-2025-6729
Home page URL: Security reports for PayMaster for WooCommerce
Application: PayMaster for WooCommerce
Date: Jul 04, 2025
Research Description: The PayMaster for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.4.31 via the 'wp_ajax_paym_status' AJAX action This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions: Min -, max -.
Status: vulnerable