CVE-2025-13666
BaseFortify
Publication date: 2025-12-06
Last updated on: 2025-12-08
Assigner: Wordfence
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| woocommerce | woocommerce | * |
| helloprint | wordpress_plugin | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
The Helloprint plugin for WordPress is affected by a Missing Authorization vulnerability in versions up to 2.1.2. The plugin registers a public REST API endpoint without checking whether the request is authorized, so an attacker who is not logged in can call that endpoint and change the status of a WooCommerce order by supplying a valid order reference ID.
How can this vulnerability impact me?
This vulnerability allows unauthenticated attackers to arbitrarily modify the status of WooCommerce orders. Unauthorized changes to order processing can cause business disruption, financial loss, or customer dissatisfaction.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
1. Update the HelloPrint plugin to a version later than 2.1.2 if available, where authorization checks are implemented.
2. If an update is not available, restrict access to the vulnerable REST API endpoint by implementing authentication or IP restrictions via web server configuration or security plugins.
3. Use a Web Application Firewall (WAF) to block unauthenticated requests to `/wp-json/helloprint/v1/complete_order_from_helloprint_callback`.
4. Monitor WooCommerce orders for unauthorized status changes and audit logs for suspicious activity.
5. If none of the above is possible, temporarily disable or remove the HelloPrint plugin until a patch is applied.
These steps help prevent unauthenticated attackers from exploiting the missing authorization check on the REST API endpoint. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized or suspicious HTTP requests to the REST API endpoint `/wp-json/helloprint/v1/complete_order_from_helloprint_callback`. Network monitoring tools or web server logs can identify such requests; for example, `grep` can search web server logs for access to this endpoint, and `curl` can be used to test the endpoint. Example commands:
1. To check web server logs for access to the vulnerable endpoint (adjust the path as needed): `grep '/wp-json/helloprint/v1/complete_order_from_helloprint_callback' /var/log/apache2/access.log`
2. To test the endpoint manually (replace with actual orderReferenceId): `curl -X POST https://yourdomain.com/wp-json/helloprint/v1/complete_order_from_helloprint_callback -d '{"orderReferenceId":"test"}' -H 'Content-Type: application/json'`
3. Use intrusion detection systems or web application firewalls to alert on unauthenticated POST or GET requests to this endpoint.
Additionally, review WooCommerce order metadata for unexpected changes in order statuses that could indicate exploitation. [2, 3]
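As an added example (not part of this record, and not code from the HelloPrint plugin or from Wordfence), the following Python script carries the log-review step above a little further than a plain `grep`: it parses Apache/nginx "combined" format access log lines (an assumed log format), keeps only requests whose path is the callback endpoint named in this record, counts hits per client IP and per method/status pair, and flags sources outside an allowlist of expected callback origins. The sample log lines and the allowlist entry `192.0.2.11` are constructed for the demonstration; a real deployment would substitute its own log file and the source addresses it expects the legitimate HelloPrint service to call from.

```python
import re
from collections import Counter

# Endpoint path named in this record.
VULN_ENDPOINT = "/wp-json/helloprint/v1/complete_order_from_helloprint_callback"

# Apache/nginx "combined" log format (assumed): client IP, timestamp,
# request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Parse one access log line; return a dict or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def find_endpoint_hits(lines):
    """Return parsed entries whose path is the vulnerable endpoint.

    The query string and a trailing slash are ignored so that both
    GET-with-parameters and POST-with-body variants are caught.
    """
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # unparseable line, skip rather than crash
        path = entry["path"].split("?", 1)[0].rstrip("/")
        if path == VULN_ENDPOINT:
            hits.append(entry)
    return hits


def summarize(hits):
    """Count hits per client IP and per (method, status) pair."""
    per_ip = Counter(h["ip"] for h in hits)
    per_method_status = Counter((h["method"], h["status"]) for h in hits)
    return per_ip, per_method_status


def unexpected_sources(hits, allowed_sources):
    """IPs that reached the endpoint but are not expected callback origins."""
    return {h["ip"] for h in hits if h["ip"] not in allowed_sources}


# Constructed sample log: two repeated POSTs from one host, one GET probe,
# one unrelated request, one request from the assumed legitimate origin,
# and one malformed line.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Dec/2025:10:00:01 +0000] "POST /wp-json/helloprint/v1/complete_order_from_helloprint_callback HTTP/1.1" 200 45 "-" "curl/8.4.0"',
    '203.0.113.5 - - [06/Dec/2025:10:00:02 +0000] "POST /wp-json/helloprint/v1/complete_order_from_helloprint_callback HTTP/1.1" 200 45 "-" "curl/8.4.0"',
    '198.51.100.7 - - [06/Dec/2025:10:00:09 +0000] "GET /wp-json/helloprint/v1/complete_order_from_helloprint_callback?orderReferenceId=abc HTTP/1.1" 404 120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [06/Dec/2025:10:01:00 +0000] "GET /shop/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [06/Dec/2025:10:01:30 +0000] "POST /wp-json/helloprint/v1/complete_order_from_helloprint_callback HTTP/1.1" 200 45 "-" "HelloPrint-Webhook/1.0"',
    "garbage line that does not parse",
]

# Assumed allowlist of legitimate callback origins (constructed placeholder).
EXPECTED_CALLBACK_SOURCES = {"192.0.2.11"}


def main(lines=SAMPLE_LOG, allowed=EXPECTED_CALLBACK_SOURCES):
    hits = find_endpoint_hits(lines)
    per_ip, per_method_status = summarize(hits)
    print(f"{len(hits)} request(s) to {VULN_ENDPOINT}")
    for ip, n in per_ip.most_common():
        print(f"  {ip}: {n}")
    for (method, status), n in sorted(per_method_status.items()):
        print(f"  {method} -> {status}: {n}")
    for ip in sorted(unexpected_sources(hits, allowed)):
        print(f"  ALERT: {ip} is not an expected callback origin")


if __name__ == "__main__":
    main()
```

Running the script against a real log is a matter of passing `open(path)` to `main()` in place of the constructed list; the per-IP counts make repeated calls from one source stand out, and the allowlist check turns mitigation step 2 (IP restriction) into a detection rule for the period before the restriction is in place.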