CVE-2025-26535 — AI Deep Analysis Summary

🚨 **Essence**: SQL Injection (SQLi) in the Bitcoin/AltCoin Payment Gateway plugin. 💥 **Consequences**: Attackers can manipulate database queries, leading to data theft or site compromise.…

🛡️ **Root Cause**: **CWE-89** (Improper Neutralization of Special Elements used in an SQL Command). The plugin fails to sanitize user inputs before executing SQL queries, allowing malicious SQL code injection.

🎯 **Affected**: **CodeSolz**'s product: *Bitcoin / AltCoin Payment Gateway for WooCommerce*. 📉 **Version**: **1.7.6 and earlier**. If you are running this version or older, you are vulnerable.

💰 **Impact**: High Confidentiality (C:H), Low Availability (A:L). Hackers can potentially **extract sensitive database data** (user info, transaction logs) or **modify/delete records**.…

⚡ **Threshold**: **LOW**. CVSS Vector: `AV:N/AC:L/PR:N/UI:N`. No authentication required (PR:N), no user interaction needed (UI:N), and easy to exploit (AC:L). It’s a remote, unauthenticated attack vector.

🔍 **Exploit Status**: No specific PoC code provided in the data (`pocs: []`). However, the vulnerability is confirmed via Patchstack.…

🔎 **Self-Check**: Scan your WordPress site for the plugin *Bitcoin / AltCoin Payment Gateway for WooCommerce*. Check the installed version number. If it is **≤ 1.7.6**, you are vulnerable.…

🛠️ **Fix**: The vendor **CodeSolz** has acknowledged the issue. You must **update the plugin** to the latest version immediately.…

🚧 **No Patch Workaround**: If you cannot update immediately, **disable the plugin** entirely. Remove it from your WordPress installation if you don’t use crypto payments.…

🔥 **Urgency**: **HIGH**. With `PR:N` (No Privileges) and `AC:L` (Low Complexity), this is an easy target for automated bots. Given it handles payments, the risk to business integrity is severe. Patch **NOW**.