PT-2026-7486 · WordPress · Pix Para Woocommerce

Published 2026-02-11 · Updated 2026-02-11 · CVE-2025-15400

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Pix para Woocommerce WordPress plugin versions through 2.13.3

Description

The plugin allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without proper capability or nonce checks. This allows authenticated users, including those with subscriber privileges, to clear API credentials and webhook status, leading to persistent disruption of OpenPix payment functionality.

Recommendations

Update Pix para Woocommerce to a version later than 2.13.3.
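The missing checks named in the description, shown as an added example that is not the plugin's own code: a WordPress AJAX handler that resets gateway options, first without and then with nonce and capability checks. The action name, option keys and nonce field are hypothetical, and the example assumes it is loaded as a plugin file on a site running WooCommerce.

```php
<?php
/**
 * Plugin Name: Example gateway reset handler (constructed illustration)
 *
 * The action name, option keys and nonce field below are hypothetical
 * and are not taken from Pix para Woocommerce.
 */

defined('ABSPATH') || exit;

const EXAMPLE_RESET_ACTION = 'example_gateway_reset'; // hypothetical AJAX action
const EXAMPLE_OPTION_KEYS  = [                        // hypothetical option names
    'example_gateway_app_id',
    'example_gateway_webhook_status',
];

// Pattern the advisory describes: a wp_ajax_* hook fires for ANY logged-in
// user, so a handler with no checks lets a subscriber clear the settings.
// Shown for comparison only; it is never registered below.
function example_reset_unchecked() {
    foreach (EXAMPLE_OPTION_KEYS as $key) {
        delete_option($key);
    }
    wp_send_json_success();
}

// Hardened handler: verify request origin (nonce) and caller privilege
// (capability) before touching any option.
function example_reset_checked() {
    // The nonce must have been created with wp_create_nonce(EXAMPLE_RESET_ACTION)
    // on the settings page and posted in the 'nonce' field. Passing false as
    // the third argument lets this handler choose the error response.
    if (!check_ajax_referer(EXAMPLE_RESET_ACTION, 'nonce', false)) {
        wp_send_json_error(['message' => 'Invalid nonce'], 403);
    }
    // Only shop managers and administrators hold manage_woocommerce.
    if (!current_user_can('manage_woocommerce')) {
        wp_send_json_error(['message' => 'Forbidden'], 403);
    }
    foreach (EXAMPLE_OPTION_KEYS as $key) {
        delete_option($key);
    }
    wp_send_json_success();
}

// Register only the checked handler. No wp_ajax_nopriv_* hook is added,
// so unauthenticated requests never reach it.
add_action('wp_ajax_' . EXAMPLE_RESET_ACTION, 'example_reset_checked');
```

wp_send_json_error() terminates the request, so the option deletion is unreachable when either check fails.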

Exploit

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2025-15400

Affected Products

Pix Para Woocommerce