CVE-2025-68018
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-04-01
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ilmosys | woc-order-alert | From 3.0.0 (inc) to 3.6.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized or unauthenticated requests attempting to access or perform privileged actions on the Order Listener for WooCommerce Plugin (woc-order-alert) versions up to 3.6.1. Since the issue involves missing authorization checks, detection involves identifying suspicious HTTP requests targeting the plugin's endpoints without proper authentication. Patchstack provides a mitigation rule that blocks all legitimate and illegitimate requests related to this vulnerability, which can be used to detect and prevent exploitation. Specific commands are not provided in the available resources, but network monitoring tools or web application firewalls configured with Patchstack's mitigation rules can help detect attempts to exploit this vulnerability. [1]
Can you explain this vulnerability to me?
CVE-2025-68018 is a high-priority Broken Access Control vulnerability in the WordPress Order Listener for WooCommerce Plugin (versions up to 3.6.1). It is caused by missing authorization, authentication, or nonce token checks in certain functions, which allows unauthenticated users to perform actions that should require higher privileges. This means attackers can exploit incorrectly configured access control to gain unauthorized access or perform unauthorized actions within the plugin. [1]
How can this vulnerability impact me? :
This vulnerability can have a severe impact as it allows unauthenticated users to perform privileged actions, potentially leading to unauthorized access, data manipulation, or disruption of order processing in WooCommerce. Given its high CVSS score of 9.4, it is highly dangerous and likely to be exploited, which could compromise the security and integrity of your e-commerce platform. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves applying the Patchstack mitigation rule that blocks all legitimate and illegitimate requests related to this vulnerability to cover all attack scenarios until an official patch is released. This mitigation can be applied automatically via Patchstackβs platform to protect affected websites. Users are strongly advised to implement this mitigation immediately to prevent exploitation. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.