Kapil Paul Payment Gateway CVE-2025-62754
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Missing Authorization vulnerability in Kapil Paul Payment Gateway bKash for WC woo-payment-bkash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway bKash for WC: from n/a through <= 3.1.0.
AnalysisAI
Payment Gateway bKash for WooCommerce has a missing authorization vulnerability allowing attackers to exploit incorrect access controls for privilege escalation.
Technical ContextAI
The woo-payment-bkash plugin has a CWE-862 missing authorization vulnerability that allows unauthenticated or low-privileged users to access administrative functions through improperly protected endpoints.
Affected ProductsAI
Kapil Paul Payment Gateway bKash for WooCommerce
RemediationAI
Update the plugin. Review payment gateway configurations for unauthorized changes.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today