AI description
CVE-2025-2266 affects the Checkout Mestres do WP for WooCommerce plugin for WordPress. Specifically, versions 8.6.5 through 8.7.5 are vulnerable to unauthorized data modification. This vulnerability stems from a missing capability check in the `cwmpUpdateOptions()` function. This flaw allows unauthenticated attackers to update arbitrary options on a WordPress site. By exploiting this, attackers can, for example, change the default registration role to "administrator" and enable user registration, effectively granting them administrative access to the compromised site.
- Description: The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the `cwmpUpdateOptions()` function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- security@wordfence.com: CWE-862
- Hype score: Not currently trending
CVE-2025-2266 — WordPress Plugin Exploit [1] https://t.co/00u8zChXD3 Hunting @fofabot body="checkout-mestres-wp" [+] Step 2: User 'adminx' registered successfully. [!] Set password manually from admin panel or reset link. https://t.co/tIhKnH1Jmb
@akaclandestine
30 Mar 2025
🚨 CVE-2025-2266 — #WordPress Plugin Exploit CVSS:9.8 (#Critical) PoC: https://t.co/4G3zNt51sw #Trump #كل_عام_وانتم_بخير #Hacking #hackaccount
@Nxploit1
29 Mar 2025
[CVE-2025-2266: CRITICAL] WordPress plugin Checkout Mestres do WP for WooCommerce versions 8.6.5 to 8.7.5 contain a critical vulnerability allowing unauthenticated attackers to escalate privileges by altering user...#cybersecurity,#vulnerability https://t.co/kYqqhHTZcT https://t.
@CveFindCom
29 Mar 2025
CVE-2025-2266 - WordPress - HIGH 🚨 🗓️ Date published 2025-03-29 07:15:18 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/ci9wdcdLOj
@vulns_space
29 Mar 2025