CVE-2025-6729 – WordPress PayMaster for WooCommerce SSRF Vulnerability

CVE ID : CVE-2025-6729

Published : July 4, 2025, 3:15 a.m. | 1 hour, 43 minutes ago

Description : The PayMaster for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.4.31 via the ‘wp_ajax_paym_status’ AJAX action This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

نوشته های مشابه

CVE-2025-5372 – OpenSSL SSH Key Derivation Buffer Initialization Vulnerability

CVE-2025-6944 – Uncode Core WordPress Stored Cross-Site Scripting

Windows shortcut following (.LNK) vulnerability in Trend Micro Security for Windows (CVE-2025-52521)

CVE-2025-6586 – WordPress Download Plugin Remote Code Execution (RCE) Vulnerability