
CVE-2025-14463: CWE-862 Missing Authorization in naa986 Payment Button for PayPal

Severity: Medium
Tags: Vulnerability, CVE-2025-14463, CWE-862
Published: Sat Jan 17 2026 (01/17/2026, 03:24:24 UTC)
Source: CVE Database V5
Vendor/Project: naa986
Product: Payment Button for PayPal

Description

CVE-2025-14463 is a medium-severity vulnerability in the Payment Button for PayPal WordPress plugin (all versions up to and including 1.2.3.41). It allows unauthenticated attackers to create arbitrary orders through a public AJAX endpoint that lacks both an authorization check and server-side verification of the transaction. Attackers can submit arbitrary transaction details, causing unauthorized order creation, corruption of order data, and fraudulent purchase receipt emails. No authentication or user interaction is required; the vulnerability affects the integrity of order data but not confidentiality or availability. There are no known exploits in the wild yet, but the vulnerability poses a risk to e-commerce sites using this plugin. Mitigation requires disabling the plugin or adding server-side transaction verification and authentication to the AJAX endpoint. European organizations running WordPress sites with this plugin are at risk, especially in countries with high WordPress usage and e-commerce activity such as Germany, the UK, France, and the Netherlands.

AI-Powered Analysis

Last updated: 01/17/2026, 04:06:33 UTC

Technical Analysis

The Payment Button for PayPal plugin for WordPress suffers from a missing authorization vulnerability (CWE-862) identified as CVE-2025-14463. The plugin exposes a public AJAX endpoint named `wppaypalcheckout_ajax_process_order` that processes checkout results without any authentication and without verifying the PayPal transaction server-side. This design flaw allows unauthenticated attackers to send crafted POST requests directly to the endpoint, specifying arbitrary transaction IDs, payment statuses, product names, amounts, and customer information. Because the plugin never confirms with PayPal that the transaction exists and was completed for the expected amount, attackers can create fake orders on the victim's site. Additionally, if email notifications are enabled, the plugin sends a purchase receipt email to whatever address is supplied in the request, enabling phishing or spam campaigns and corrupting the order database. The vulnerability affects all versions up to and including 1.2.3.41. The CVSS v3.1 base score is 5.3 (medium), reflecting the ease of exploitation (no authentication or user interaction required) together with an integrity-only impact: confidentiality and availability are unaffected. No patches or fixes have been published yet, and no known exploits are reported in the wild. The vulnerability primarily compromises data integrity by allowing unauthorized order creation and fraudulent email dispatch.

Potential Impact

For European organizations, especially those operating e-commerce websites using WordPress with the Payment Button for PayPal plugin, this vulnerability can lead to significant operational and reputational damage. Unauthorized order creation can corrupt sales data, complicate inventory and financial reconciliation, and potentially trigger fraudulent chargebacks if attackers use real payment information. The ability to send arbitrary purchase receipt emails can be abused for phishing campaigns targeting customers or internal staff, increasing the risk of credential theft or malware infection. Although the vulnerability does not directly expose confidential data or cause service outages, the integrity compromise can undermine customer trust and lead to financial losses. Organizations with high transaction volumes or those in regulated sectors (e.g., retail, finance) may face compliance issues if fraudulent transactions are not detected promptly. The lack of authentication and server-side validation makes exploitation straightforward, increasing the risk of automated attacks. The impact is more pronounced in countries with widespread WordPress adoption and significant e-commerce activity.

Mitigation Recommendations

Immediate mitigation steps include disabling the Payment Button for PayPal plugin until a secure update is available. Organizations should audit their WordPress installations to identify affected versions and remove or replace the plugin with alternatives that implement proper authorization and transaction verification. If disabling the plugin is not feasible, implement web application firewall (WAF) rules to block unauthorized POST requests to the `wppaypalcheckout_ajax_process_order` endpoint, restricting access to trusted IP addresses or authenticated users only. Additionally, monitor order creation logs for suspicious patterns such as unusual transaction IDs or customer data. Review and tighten email sending configurations to prevent abuse of the receipt email functionality. Developers should update the plugin code to enforce server-side verification of PayPal transactions using PayPal's API and require authentication for order processing endpoints. Regularly update WordPress and plugins to the latest versions and conduct security audits focusing on e-commerce workflows. Educate staff to recognize phishing attempts potentially stemming from this vulnerability.
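To make the developer-side fix concrete, the following is an added example (not the plugin's code) of what a hardened `process order` handler looks like: the client may only name a PayPal order id, and the status, amount and currency are read back from PayPal's Orders API v2 before any order record or receipt email is produced. Assumed, not taken from the page: the `wp_ajax_nopriv_` hook name derived from the endpoint name by WordPress convention, `PAYPAL_CLIENT_ID`/`PAYPAL_SECRET` constants in `wp-config.php`, the `_price` post meta and `EUR` currency, and the `example_` function names.

```php
<?php
// Added example, not the plugin's code. Hardened handler for a public checkout
// AJAX action. Assumed: PAYPAL_CLIENT_ID / PAYPAL_SECRET in wp-config.php, product
// price in post meta '_price', hook name by WordPress convention for the endpoint.
const EXAMPLE_PAYPAL_API = 'https://api-m.sandbox.paypal.com'; // live: https://api-m.paypal.com

// Fetch the order from PayPal with the merchant's own credentials; null means "unverified".
function example_paypal_get_order( $order_id ) {
    $auth = wp_remote_post( EXAMPLE_PAYPAL_API . '/v1/oauth2/token', array(
        'headers' => array( 'Authorization' => 'Basic ' . base64_encode( PAYPAL_CLIENT_ID . ':' . PAYPAL_SECRET ) ),
        'body'    => array( 'grant_type' => 'client_credentials' ),
    ) );
    $tok = is_wp_error( $auth ) ? array() : json_decode( wp_remote_retrieve_body( $auth ), true );
    if ( empty( $tok['access_token'] ) ) {
        return null;
    }
    $resp = wp_remote_get( EXAMPLE_PAYPAL_API . '/v2/checkout/orders/' . rawurlencode( $order_id ), array(
        'headers' => array( 'Authorization' => 'Bearer ' . $tok['access_token'] ),
    ) );
    if ( is_wp_error( $resp ) || 200 !== wp_remote_retrieve_response_code( $resp ) ) {
        return null; // unknown id, another merchant's order, or API failure
    }
    return json_decode( wp_remote_retrieve_body( $resp ), true );
}

function example_ajax_process_order() {
    check_ajax_referer( 'example_checkout', 'nonce' ); // CSRF guard only; the real control is below
    $order_id   = sanitize_text_field( wp_unslash( $_POST['order_id'] ?? '' ) );
    $product_id = absint( $_POST['product_id'] ?? 0 );
    if ( ! preg_match( '/^[A-Z0-9]{10,20}$/', $order_id ) || ! get_post( $product_id ) ) {
        wp_send_json_error( 'bad request', 400 );
    }
    if ( get_transient( 'example_paid_' . $order_id ) ) {
        wp_send_json_error( 'already processed', 409 ); // replay of a genuine capture
    }
    $order          = example_paypal_get_order( $order_id );
    $amount         = $order['purchase_units'][0]['amount'] ?? array();
    $expected_price = (float) get_post_meta( $product_id, '_price', true ); // site's price, never the client's
    if ( 'COMPLETED' !== ( $order['status'] ?? '' )
        || 'EUR' !== ( $amount['currency_code'] ?? '' )
        || abs( (float) ( $amount['value'] ?? 0 ) - $expected_price ) > 0.005 ) {
        wp_send_json_error( 'payment not verified', 402 );
    }
    set_transient( 'example_paid_' . $order_id, 1, MONTH_IN_SECONDS ); // idempotency marker (simplified)
    // Only now create the order record and send the receipt, addressed to the payer email
    // PayPal reported ($order['payer']['email_address']), not an address from the request.
    wp_send_json_success( array( 'order_id' => $order_id ) );
}
add_action( 'wp_ajax_nopriv_wppaypalcheckout_ajax_process_order', 'example_ajax_process_order' );
```

Note that a nonce or an IP allow-list is not sufficient on its own for a guest-checkout endpoint, since anonymous customers must be able to reach it; the verification against PayPal and the server-held price are what stop forged orders.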


Technical Details

Data Version: 5.2
Assigner Short Name: Wordfence
Date Reserved: 2025-12-10T16:00:08.500Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 696b0749b22c7ad868788fcb

Added to database: 1/17/2026, 3:51:37 AM

Last enriched: 1/17/2026, 4:06:33 AM

Last updated: 1/17/2026, 4:54:06 AM
