CVE-2025-5816
BaseFortify
Publication date: 2025-07-18
Last updated on: 2025-07-22
Assigner: Wordfence
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| biteship | biteship | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Biteship WooCommerce plugin (up to version 3.2.0) is an Insecure Direct Object Reference (IDOR) in the get_order_detail() function. This occurs because the plugin does not properly validate a user-controlled key (order ID) before fetching order details. As a result, authenticated users with Subscriber-level access or higher can view order details belonging to other users, which they should not have access to.
How can this vulnerability impact me?
This vulnerability allows authenticated users with low-level access (Subscriber and above) to view other users' order details. This can lead to unauthorized disclosure of sensitive order information, potentially exposing customer data and order tracking details that should be private.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability can negatively impact compliance with data protection regulations such as GDPR and HIPAA because it allows unauthorized access to personal and order information of other users. Such unauthorized disclosure of personal data violates principles of data confidentiality and access control required by these regulations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether the WooCommerce site is running the Biteship plugin version 3.2.0 or earlier, and by testing whether an authenticated user with Subscriber-level access can access order details of other users via the get_order_detail() functionality. Since the vulnerability involves missing validation on a user-controlled key in a POST request, you can send a POST request to the endpoint handling get_order_detail() with an order ID that does not belong to the authenticated user and observe whether order details are returned. Specific commands depend on the site setup, but an example curl command to test could be:

`curl -X POST -d 'order_id=TARGET_ORDER_ID' -b 'cookie=AUTH_COOKIE' https://your-site.com/wp-admin/admin-ajax.php?action=get_order_detail`

Replace TARGET_ORDER_ID with an order ID not owned by the authenticated user and AUTH_COOKIE with the session cookie of a Subscriber-level user. If order details are returned, the vulnerability is present. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:

1. Update the Biteship WooCommerce plugin to a version later than 3.2.0 where the vulnerability is fixed.
2. Restrict access to the get_order_detail() functionality to only allow users with appropriate permissions (e.g., shop managers or administrators).
3. Implement proper validation and authorization checks on the order ID parameter to ensure users can only access their own orders.
4. As a temporary measure, disable or restrict the AJAX endpoint handling get_order_detail() if possible.
5. Monitor user access logs for suspicious activity involving order detail requests.

These steps help prevent authenticated users with Subscriber-level access from viewing other users' orders. [1, 2]
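The ownership check that mitigation step 3 describes, written here as an added example of a WordPress AJAX handler and not the Biteship plugin's own code; the hook name, nonce action and tracking meta key are assumptions, while `wc_get_order()`, `get_customer_id()` and the `manage_woocommerce` capability are standard WooCommerce/WordPress APIs.

```php
<?php
// Added example (not the plugin's code): an order-detail AJAX handler that validates
// the user-controlled order ID and enforces that the caller owns the order.
// 'example_get_order_detail' and the nonce action are assumed names.

add_action( 'wp_ajax_example_get_order_detail', 'example_get_order_detail' );

function example_get_order_detail() {
    // Only logged-in users reach wp_ajax_ hooks, but check explicitly and verify the nonce.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( array( 'message' => 'Authentication required.' ), 401 );
    }
    check_ajax_referer( 'example_order_detail', 'nonce' );

    // Validate the key: it must be a positive integer, nothing else is looked up.
    $order_id = isset( $_POST['order_id'] ) ? absint( wp_unslash( $_POST['order_id'] ) ) : 0;
    if ( 0 === $order_id ) {
        wp_send_json_error( array( 'message' => 'Invalid order id.' ), 400 );
    }

    $order = wc_get_order( $order_id );
    if ( ! $order ) {
        wp_send_json_error( array( 'message' => 'Order not found.' ), 404 );
    }

    // Authorization: the caller must own the order or hold a shop-management capability.
    $is_owner   = (int) $order->get_customer_id() === get_current_user_id();
    $is_manager = current_user_can( 'manage_woocommerce' );
    if ( ! $is_owner && ! $is_manager ) {
        // Same status and message as the not-found case so order IDs cannot be enumerated.
        wp_send_json_error( array( 'message' => 'Order not found.' ), 404 );
    }

    wp_send_json_success( array(
        'id'       => $order->get_id(),
        'status'   => $order->get_status(),
        'total'    => $order->get_total(),
        'tracking' => $order->get_meta( '_example_tracking_number' ), // assumed meta key
    ) );
}
```

Logging the denied branch (user ID and requested order ID) gives the access-log signal that mitigation step 5 asks you to monitor.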