CVE-2025-24762
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-24762 is a Broken Access Control vulnerability in the WordPress plugin "TicketBAI Facturas para WooCommerce" up to version 3.19. It occurs due to missing authorization, authentication, or nonce token checks in certain functions, allowing unauthenticated users to perform actions that normally require higher privileges. This means attackers can exploit the plugin to carry out unauthorized privileged actions without logging in. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to perform unauthorized privileged actions on your WooCommerce site using the TicketBAI Facturas plugin without authentication. Although the severity is considered low (CVSS 5.4), it can lead to integrity and availability impacts, such as unauthorized changes or disruptions in the invoicing functionality. Users should monitor for suspicious activity and consider incident response if compromise is suspected. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves missing authorization checks in the TicketBAI Facturas para WooCommerce plugin, allowing unauthorized privileged actions without authentication. Detection would involve monitoring for unusual or unauthorized actions performed via the plugin's functions. Since no specific detection commands or signatures are provided, it is recommended to audit access logs for unexpected access patterns or privilege escalations related to the plugin. Additionally, monitoring WordPress logs and plugin activity for unauthorized changes or actions may help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include monitoring for updates from the plugin developer and applying patches once available. Since no official patch or fixed version currently exists, consider implementing virtual patching as a general mitigation strategy to block unauthorized access attempts. Restrict access to the affected plugin's functions by limiting user privileges and hardening access controls on your WordPress installation. If compromise is suspected, engage professional incident response services. [1]