CVE-2025-15400

MEDIUM 6.5

OpenPix <= 2.13.3 - Subscriber+ Payment Gateway Settings Reset

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

1th

The OpenPix for WooCommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. This permits any authenticated users, such as subscribers to clear API credentials and webhook status, causing persistent disruption of OpenPix payment functionality.

Vendor	unknown
Product	openpix for woocommerce
Published	Feb 11, 2026
Last Updated	Apr 2, 2026

Stay Ahead of the Next One

Get instant alerts for unknown openpix for woocommerce

Be the first to know when new medium vulnerabilities affecting unknown openpix for woocommerce are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / OpenPix for WooCommerce

0 ≤ 2.13.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/54c1251f-96be-4d70-b773-3db26b599838/

Credits

Md. Moniruzzaman Prodhan (NomanProdhan) WPScan