Unauthenticated WooCommerce Ajax Endpoint Vulnerability in Klarna Checkout Plugin
CVE-2024-13925

Currently unrated

Key Information:

Vendor: WordPress
Status: Klarna Checkout For WooCommerce
Vendor: CVE Published:; 17 April 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An unauthenticated vulnerability in the Klarna Checkout for WooCommerce plugin prior to version 2.13.5 allows attackers to exploit an Ajax endpoint. By sending specially crafted POST requests, an attacker can rapidly write excessive data to log files, potentially leading to disk space exhaustion. This vulnerability poses a serious risk to server stability and may result in service disruptions.

Affected Version(s)

Klarna Checkout for WooCommerce 0 < 2.13.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-13925 - Proof of Concept

References

https://wpscan.com/vulnerability/6aebb52f-d74a-4043-86c4-...

exploitvdb-entrytechnical-description

Timeline

🟡
Public PoC available
Apr 17, 2025
👾
Exploit known to exist
Apr 17, 2025
Vulnerability published
Apr 17, 2025
Vulnerability Reserved
Mar 13, 2025

Credit

WPScan