I. Basic information on CVE-2025-14463
Vulnerability information
# Unauthenticated arbitrary order creation in the Payment Button for PayPal plugin

## Overview
The Payment Button for PayPal plugin for WordPress is vulnerable to unauthenticated order creation in all versions up to and including 1.2.3.41.

## Affected versions
All versions up to and including 1.2.3.41. The first release outside the affected range is 1.2.3.42 (changeset 3431974 in the WordPress plugin repository).

## Details
The plugin registers a public AJAX action, `wppaypalcheckout_ajax_process_order` (a `nopriv` action, so anyone can reach it through `admin-ajax.php`), that records the result of a checkout without authenticating the caller and without verifying the PayPal transaction server-side. The fields that end up in the order (transaction ID, payment status, product name, amount, customer details) are taken from the POST body as supplied. An attacker who satisfies the handler's basic parameter checks can therefore create arbitrary orders by POSTing directly to the endpoint.

## Impact
An attacker can create orders with any transaction ID, payment status, product name, amount and customer information of their choosing. If email sending is enabled, the plugin also sends a purchase receipt to whatever email address the request supplies, so the site's order records are polluted with fake orders and the site can be abused to send unsolicited mail, all without any real PayPal transaction taking place.
                                        
Shenlong assessment

Is this a web vulnerability: Unknown

Reasoning:

N/A
Note
Although we use advanced large-language-model technology, its output may still contain inaccurate or outdated information.
Shenlong does its best to keep the data accurate, but please verify it against your actual situation.
Shenlong wishes you all the best!
Vulnerability title
Payment Button for PayPal <= 1.2.3.41 - Missing Authorization to Unauthenticated Arbitrary Order Creation
Source: US National Vulnerability Database (NVD)
Vulnerability description
The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint (`wppaypalcheckout_ajax_process_order`) that processes checkout results without any authentication or server-side verification of the PayPal transaction. This makes it possible for unauthenticated attackers to create arbitrary orders on the site with any chosen transaction ID, payment status, product name, amount, or customer information via direct POST requests to the AJAX endpoint, granted they can bypass basic parameter validation. If email sending is enabled, the plugin will also trigger purchase receipt emails to any email address supplied in the request, leading to order database corruption and unauthorized outgoing emails without any real PayPal transaction taking place.
Source: US National Vulnerability Database (NVD)
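The missing control is server-side verification: nothing the client posts can prove that PayPal captured a payment. As an added example (not the plugin's own code and not the 1.2.3.42 fix), the handler below shows one hardened shape for the `wppaypalcheckout_ajax_process_order` action. It trusts the request for only the PayPal order ID and an item identifier, reads status, amount, currency and buyer details back from PayPal's REST Orders API (`POST /v1/oauth2/token` with client credentials, then `GET /v2/checkout/orders/{id}`), checks them against server-side pricing, and refuses replays. The `example_` functions, the `example_*` option keys, the `example_order` post type, the nonce action name and the `item_id`/`order_id` POST field names are assumptions, not the plugin's real identifiers.

```php
<?php
// Added example, not the plugin's code. The example_ functions, example_* option
// keys and example_order post type are hypothetical stand-ins for plugin storage.

add_action( 'wp_ajax_nopriv_wppaypalcheckout_ajax_process_order', 'example_process_order' );
add_action( 'wp_ajax_wppaypalcheckout_ajax_process_order', 'example_process_order' );

function example_process_order() {
	// CSRF nonce issued with the button markup. Not the fix by itself: any visitor
	// can obtain one, so it never proves that a payment took place.
	check_ajax_referer( 'wppaypalcheckout_ajax_nonce', 'nonce' );

	// The client is trusted for exactly two things: the PayPal order ID and which
	// configured item it claims to have bought. Everything else comes from PayPal.
	$paypal_order_id = isset( $_POST['order_id'] ) ? sanitize_text_field( wp_unslash( $_POST['order_id'] ) ) : '';
	$item_id         = isset( $_POST['item_id'] ) ? absint( $_POST['item_id'] ) : 0;
	if ( ! preg_match( '/^[A-Z0-9]{5,32}$/', $paypal_order_id ) || 0 === $item_id ) {
		wp_send_json_error( array( 'message' => 'Invalid request.' ), 400 );
	}
	if ( example_order_exists( $paypal_order_id ) ) { // replay guard: one local order per PayPal order
		wp_send_json_error( array( 'message' => 'Order already processed.' ), 409 );
	}
	$item = example_get_item( $item_id ); // expected price comes from the site, never from POST
	if ( null === $item ) {
		wp_send_json_error( array( 'message' => 'Unknown item.' ), 400 );
	}

	$order = example_fetch_paypal_order( $paypal_order_id );
	if ( null === $order || ( $order['id'] ?? '' ) !== $paypal_order_id ) {
		wp_send_json_error( array( 'message' => 'Could not verify payment.' ), 502 );
	}
	// The order must be COMPLETED with a COMPLETED capture for exactly the expected amount.
	$unit    = $order['purchase_units'][0] ?? array();
	$paid    = $unit['amount'] ?? array();
	$capture = $unit['payments']['captures'][0] ?? array();
	$paid_ok = 'COMPLETED' === ( $order['status'] ?? '' )
		&& 'COMPLETED' === ( $capture['status'] ?? '' )
		&& ( $paid['currency_code'] ?? '' ) === $item['currency']
		&& number_format( (float) ( $paid['value'] ?? 0 ), 2, '.', '' ) === number_format( (float) $item['amount'], 2, '.', '' );
	if ( ! $paid_ok ) {
		wp_send_json_error( array( 'message' => 'Payment not completed or amount mismatch.' ), 402 );
	}

	// Buyer details come from PayPal's record, so the receipt cannot go to an attacker-chosen address.
	$email = sanitize_email( $order['payer']['email_address'] ?? '' );
	$name  = sanitize_text_field( trim( ( $order['payer']['name']['given_name'] ?? '' ) . ' ' . ( $order['payer']['name']['surname'] ?? '' ) ) );
	$local_id = example_create_order( array(
		'paypal_order_id' => $paypal_order_id,
		'txn_id'          => $capture['id'] ?? '',
		'item'            => $item['name'],
		'amount'          => $paid['value'],
		'currency'        => $paid['currency_code'],
		'email'           => is_email( $email ) ? $email : '',
		'name'            => $name,
		'status'          => 'completed',
	) );
	wp_send_json_success( array( 'order_id' => $local_id ) );
}

// Server-side lookup through PayPal's REST Orders API using client-credentials OAuth.
function example_fetch_paypal_order( $paypal_order_id ) {
	$api   = get_option( 'example_paypal_sandbox', true ) ? 'https://api-m.sandbox.paypal.com' : 'https://api-m.paypal.com';
	$basic = base64_encode( get_option( 'example_paypal_client_id' ) . ':' . get_option( 'example_paypal_secret' ) );
	$tok   = wp_remote_post( $api . '/v1/oauth2/token', array(
		'timeout' => 15,
		'headers' => array( 'Authorization' => 'Basic ' . $basic ),
		'body'    => array( 'grant_type' => 'client_credentials' ),
	) );
	if ( is_wp_error( $tok ) || 200 !== wp_remote_retrieve_response_code( $tok ) ) {
		return null;
	}
	$body  = json_decode( wp_remote_retrieve_body( $tok ), true );
	$token = is_array( $body ) ? ( $body['access_token'] ?? '' ) : '';
	if ( '' === $token ) {
		return null;
	}
	$res = wp_remote_get( $api . '/v2/checkout/orders/' . rawurlencode( $paypal_order_id ), array(
		'timeout' => 15,
		'headers' => array( 'Authorization' => 'Bearer ' . $token ),
	) );
	if ( is_wp_error( $res ) || 200 !== wp_remote_retrieve_response_code( $res ) ) {
		return null;
	}
	$order = json_decode( wp_remote_retrieve_body( $res ), true );
	return is_array( $order ) ? $order : null;
}

// Minimal storage helpers (hypothetical): items in an option, orders as a custom post type.
function example_get_item( $item_id ) {
	// e.g. array( 1 => array( 'name' => 'Ebook', 'amount' => '10.00', 'currency' => 'USD' ) )
	$items = get_option( 'example_items', array() );
	return $items[ $item_id ] ?? null;
}
function example_order_exists( $paypal_order_id ) {
	$found = get_posts( array( 'post_type' => 'example_order', 'post_status' => 'any', 'posts_per_page' => 1,
		'fields' => 'ids', 'meta_key' => 'paypal_order_id', 'meta_value' => $paypal_order_id ) );
	return ! empty( $found );
}
function example_create_order( $data ) {
	$post_id = wp_insert_post( array( 'post_type' => 'example_order', 'post_status' => 'publish', 'post_title' => $data['item'] ) );
	foreach ( $data as $key => $value ) {
		update_post_meta( $post_id, $key, $value );
	}
	return $post_id;
}
```

The nonce check only blocks cross-site request forgery and is deliberately not the authorization control, because a checkout endpoint has to be reachable by anonymous buyers. What makes the endpoint authorized is that an order record can only come into existence when PayPal itself reports a COMPLETED capture for the expected amount in the expected currency, and the receipt goes to the payer address PayPal holds rather than one in the request. Test against the sandbox host first (`example_paypal_sandbox` set to true) with a sandbox order ID, and confirm that a replayed order ID is rejected with 409.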
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (base score 5.3, Medium)
Source: US National Vulnerability Database (NVD)
Vulnerability category
Missing Authorization
Source: US National Vulnerability Database (NVD)
II. Public PoCs for CVE-2025-14463
No public PoC entries are listed.
III. Intelligence on CVE-2025-14463
  • Title: wp-paypal.php in wp-paypal/trunk – WordPress Plugin Repository -- 🔗 source link

    Tags:

    wp-paypal.php in wp-paypal/trunk – WordPress Plugin Repository
  • Title: Changeset 3431974 for wp-paypal – WordPress Plugin Repository -- 🔗 source link

    Tags:

    Shenlong quick read:
    ### Key information extracted
    
    #### 1. **Commit Information**
    - **Changeset Number:** 3431974
    - **Plugin Name:** wp-paypal
    - **Timestamp:** 01/04/2026 06:59:12 AM
    - **Author:** naa986
    - **Message:** v1.2.3.42 commit
    
    #### 2. **File Changes**
    - **1 file added:** wp-paypal/wp-paypal-checkout-api.php
    - **3 files edited:**
      - readme.txt
      - wp-paypal/wp-paypal-checkout-api.php
      - wp-paypal/wp-paypal.php
    
    #### 3. **Key Code Changes**
    - **wp-paypal/wp-paypal-checkout-api.php:**
      - Updates related to PayPal checkout API interactions.
    - **wp-paypal.php:**
      - Inclusion of new file `wp-paypal-checkout-api.php`.
      - Minor version update in file header.
    
    #### 4. **Potential Vulnerabilities**
    - **No obvious vulnerability identified:** The changes primarily involve adding new functionality related to the PayPal checkout API and minor code updates. No obvious security vulnerabilities are apparent from the changeset alone.
    
    #### 5. **Security Considerations**
    - **Input validation:** Ensure robust input validation for all user inputs across the updated files to prevent injection attacks.
    - **Error handling:** Verify adequate error handling and user notifications in newly added PayPal API interaction code.
    - **Code review:** Conduct a thorough code review focusing on newly added functionality and interactions with external services like PayPal.
                                            
    Changeset 3431974 for wp-paypal – WordPress Plugin Repository
  • https://plugins.trac.wordpress.org/browser/wp-paypal/tags/1.2.3.41/wp-paypal-checkout.php#L249
  • Title: wp-paypal.php in wp-paypal/tags/1.2.3.41 – WordPress Plugin Repository -- 🔗 source link

    Tags:

    wp-paypal.php in wp-paypal/tags/1.2.3.41 – WordPress Plugin Repository
  • Title: ERROR: The request could not be satisfied -- 🔗 source link

    Tags:

    Shenlong quick read:
    The source could not be fetched: CloudFront blocked the request with a 403 error ("The request could not be satisfied"), which the error page attributes to either too much traffic or a configuration error on the target site. No content was retrieved.

    ERROR: The request could not be satisfied
  • Title: wp-paypal-checkout.php in wp-paypal/trunk – WordPress Plugin Repository -- 🔗 source link

    Tags:

    Shenlong quick read:
    **Key information:**

    - **Plugin name:** wp-paypal
    - **File path:** wp-paypal/trunk/wp-paypal-checkout.php
    - **Last change:** last modified in revision 3431974 by naa986, 5 weeks ago
    - **Version:** v1.2.3.42 commit
    - **File size:** 16.7 KB

    **Possible weaknesses:**

    - **Input handling:** the code lacks sufficient validation and sanitisation of input parameters, which could lead to `XSS` or `SQL injection`.
    - **Sensitive data exposure:** sensitive configuration in the `$options` array (API keys and the like) may not be adequately protected.
    - **Unsafe API calls:** PayPal API calls may lack handling of exceptions or error return values, which could cause failed payments or lost data.
    - **Hard-coded defaults:** some defaults, such as the default value of `$shipping_preference`, may be insecure or easy to guess.

    wp-paypal-checkout.php in wp-paypal/trunk – WordPress Plugin Repository
  • https://nvd.nist.gov/vuln/detail/CVE-2025-14463
IV. Comments on CVE-2025-14463

No comments yet.