Cross-Site Request Forgery Vulnerability in Avishi WP PayPal Payment Button Plugin for WordPress
CVE-2025-7669

6.1MEDIUM

Key Information:

Vendor

WordPress
Status
Avishi WP Paypal Payment Button
Vendor
CVE Published:
19 July 2025

What is CVE-2025-7669?

The Avishi WP PayPal Payment Button plugin for WordPress suffers from a Cross-Site Request Forgery vulnerability, allowing unauthenticated attackers to issue forged requests due to inadequate nonce validation. This weakness may enable malicious actors to manipulate settings or inject harmful scripts if they can trick site administrators into performing specific actions, such as clicking a link. Users are advised to review and implement security measures to safeguard against potential exploits related to this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Avishi WP PayPal Payment Button * <= 2.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/avishi-wp-payp...
https://wordpress.org/plugins/avishi-wp-paypal-payment-bu...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Johannes Skamletz
JSON
.