The Pix para Woocommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. This permits any authenticated user, such as a subscriber, to clear API credentials and webhook status, causing persistent disruption of OpenPix payment functionality.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
History
Wed, 11 Feb 2026 06:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Pix para Woocommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. This permits any authenticated user, such as a subscriber, to clear API credentials and webhook status, causing persistent disruption of OpenPix payment functionality. | |
| Title | OpenPix <= 2.13.3 - Subscriber+ Payment Gateway Settings Reset | |
| References | | |
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-02-11T06:00:03.772Z
Reserved: 2025-12-31T14:58:36.688Z
Link: CVE-2025-15400
Status: Received
Published: 2026-02-11T06:15:47.870
Modified: 2026-02-11T06:15:47.870
Link: CVE-2025-15400
Weaknesses
No weakness.