CVE-2025-12392
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-18
Last updated on: 2026-04-08
Assigner: Wordfence
Description
Description
The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_optin_optout' function in all versions up to, and including, 2.0.25. This makes it possible for unauthenticated attackers to opt in and out of tracking.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| woocommerce | cryptocurrency_payment_gateway | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress allows unauthenticated attackers to modify data by exploiting a missing capability check in the 'handle_optin_optout' function. This enables attackers to opt users in or out of tracking without authorization.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unauthorized parties to change your tracking preferences, potentially affecting your privacy settings and how your data is collected or monitored.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70