CVE-2025-12903
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-12

Assigner: Wordfence

Description
The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaulted_nonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with permission_callback set to __return_true and processing user-supplied token IDs without verifying ownership or authentication. This makes it possible for unauthenticated attackers to retrieve payment method nonces for any stored payment token in the system, which can be used to create fraudulent transactions, charge customer credit cards, or attach payment methods to other subscriptions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2025-11-12
Generated
2026-06-16
AI Q&A
2025-11-12
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12903
EUVD
EUVD-2025-119984
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
wordpress woocommerce 3.2.79
wordpress woocommerce 3.2.78
braintree braintree *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Payment Plugins Braintree For WooCommerce plugin for WordPress, where a REST API endpoint (wc-braintree/v1/3ds/vaulted_nonce) is registered without proper permission checks (permission_callback set to __return_true). This means anyone, including unauthenticated attackers, can access this endpoint and retrieve payment method nonces for any stored payment token in the system. These nonces can then be used to create fraudulent transactions, charge customer credit cards, or attach payment methods to other subscriptions without authorization. [1]

Impact Analysis

This vulnerability can allow attackers to bypass authorization and obtain payment method nonces for stored payment tokens. As a result, attackers can perform fraudulent transactions, charge customers' credit cards without their consent, or attach payment methods to subscriptions they do not own. This can lead to financial loss, reputational damage, and unauthorized use of customer payment information. [1]

Detection Guidance

This vulnerability can be detected by checking if the vulnerable REST API endpoint `wc-braintree/v1/3ds/vaulted_nonce` is accessible without authentication on your WordPress site running the Payment Plugins Braintree For WooCommerce plugin version 3.2.78 or earlier. You can test this by sending an unauthenticated HTTP POST request to the endpoint and observing if it returns a payment method nonce. For example, using curl: `curl -X POST https://your-wordpress-site.com/wp-json/wc-braintree/v1/3ds/vaulted_nonce -d 'token_id=some_token_id'` If the response returns a success with nonce details without requiring authentication, the vulnerability is present. [1]

Mitigation Strategies

Immediate mitigation steps include: 1. Update the Payment Plugins Braintree For WooCommerce plugin to a version later than 3.2.78 where this vulnerability is fixed. 2. If an update is not immediately possible, restrict access to the vulnerable REST API endpoint by implementing server-level access controls (e.g., firewall rules or .htaccess restrictions) to block unauthenticated requests to `wc-braintree/v1/3ds/vaulted_nonce`. 3. Review and enforce proper authentication and capability checks on the REST API endpoints, ensuring permission callbacks do not unconditionally allow access. 4. Monitor your logs for suspicious POST requests to this endpoint and investigate any unauthorized access attempts. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12903. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart