Authentication Bypass in PayU India Product by PayU
CVE-2025-31022

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Payu India
Vendor: CVE Published:; 9 June 2025

What is CVE-2025-31022?

A vulnerability in PayU India allows attackers to bypass authentication mechanisms through an alternate channel, enabling malicious users to exploit user accounts. This issue affects all versions leading up to and including 3.8.5, posing risks for account takeover and unauthorized access to sensitive financial information. It is crucial for users to remain vigilant and ensure they are using the latest version of the product to mitigate these security risks.

Affected Version(s)

PayU India < 3.8.8

References

https://patchstack.com/database/wordpress/plugin/payu-ind...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

Rafie Muhammad (Patchstack)

WordPress

What is CVE-2025-31022?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit