Executive Summary

CVE-2025-69052 is a high-severity Broken Access Control vulnerability in the WordPress plugin "Registration & Login with Mobile Phone Number for WooCommerce" versions up to 1.3.1. It occurs due to missing authorization, authentication, or nonce token checks in certain functions, allowing unauthenticated users to perform actions that should be restricted to higher-privileged users. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow attackers to bypass access controls and perform unauthorized actions within the affected plugin, potentially compromising the security of your WooCommerce site. Because it enables unauthenticated users to execute privileged operations, it poses a critical risk with a high likelihood of exploitation, which could lead to data breaches, unauthorized account access, or manipulation of user registration and login processes. [1]

Useful 0 Not Useful 0

Detection Guidance

Detection of this vulnerability involves monitoring for unauthorized access attempts or actions that should require higher privileges but are performed by unauthenticated users. Patchstack provides automatic mitigation rules that can help block attacks targeting this vulnerability. However, specific detection commands or network signatures are not detailed in the provided resources. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the 'Registration & Login with Mobile Phone Number for WooCommerce' plugin to version 1.3.2 or later, which contains the patch fully resolving the issue. Additionally, applying Patchstack's automatic mitigation rules can help block attacks targeting this vulnerability until the update is applied. [1]

Useful 0 Not Useful 0