CVE-2025-12903
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-12
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | woocommerce | 3.2.79 |
| wordpress | woocommerce | 3.2.78 |
| braintree | braintree | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Payment Plugins Braintree For WooCommerce plugin for WordPress, where a REST API endpoint (wc-braintree/v1/3ds/vaulted_nonce) is registered without proper permission checks (permission_callback set to __return_true). This means anyone, including unauthenticated attackers, can access this endpoint and retrieve payment method nonces for any stored payment token in the system. These nonces can then be used to create fraudulent transactions, charge customer credit cards, or attach payment methods to other subscriptions without authorization. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to bypass authorization and obtain payment method nonces for stored payment tokens. As a result, attackers can perform fraudulent transactions, charge customers' credit cards without their consent, or attach payment methods to subscriptions they do not own. This can lead to financial loss, reputational damage, and unauthorized use of customer payment information. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the vulnerable REST API endpoint `wc-braintree/v1/3ds/vaulted_nonce` is accessible without authentication on your WordPress site running the Payment Plugins Braintree For WooCommerce plugin version 3.2.78 or earlier. You can test this by sending an unauthenticated HTTP POST request to the endpoint and observing if it returns a payment method nonce. For example, using curl: `curl -X POST https://your-wordpress-site.com/wp-json/wc-braintree/v1/3ds/vaulted_nonce -d 'token_id=some_token_id'` If the response returns a success with nonce details without requiring authentication, the vulnerability is present. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1. Update the Payment Plugins Braintree For WooCommerce plugin to a version later than 3.2.78 where this vulnerability is fixed. 2. If an update is not immediately possible, restrict access to the vulnerable REST API endpoint by implementing server-level access controls (e.g., firewall rules or .htaccess restrictions) to block unauthenticated requests to `wc-braintree/v1/3ds/vaulted_nonce`. 3. Review and enforce proper authentication and capability checks on the REST API endpoints, ensuring permission callbacks do not unconditionally allow access. 4. Monitor your logs for suspicious POST requests to this endpoint and investigate any unauthorized access attempts. [1, 2]