CVE-2025-12500
Awaiting Analysis Awaiting Analysis - Queue
Unauthenticated File Upload Vulnerability in WooCommerce Checkout Manager

Publication date: 2026-02-19

Last updated on: 2026-02-19

Assigner: Wordfence

Description
The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the plugin not properly verifying that a user is authorized to perform file upload actions via the "ajax_checkout_attachment_upload" function. This makes it possible for unauthenticated attackers to upload files to the server, though file types are limited to WordPress's default allowed MIME types (images, documents, etc.).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-19
Last Modified
2026-02-19
Generated
2026-06-16
AI Q&A
2026-02-19
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12500
EUVD
EUVD-2025-207876
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
wordfence woocommerce_checkout_manager to 7.8.1 (inc)
wordfence woocommerce_checkout_manager 7.8.2
wordfence woocommerce_checkout_manager 7.8.0
woocommerce checkout_field_manager to 7.8.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in the WooCommerce Checkout Manager plugin for WordPress (up to version 7.8.1) allows unauthenticated attackers to upload files to the server via the "ajax_checkout_attachment_upload" function. This happens because the plugin does not properly verify if the user is authorized to perform file uploads. Although the uploaded file types are limited to WordPress's default allowed MIME types (such as images and documents), unauthorized users can still upload files without logging in or having proper permissions.

Impact Analysis

This vulnerability can impact you by allowing attackers to upload files to your server without authentication. Even though the file types are limited, this can still lead to potential abuse such as storage of malicious files, exploitation of server resources, or use as a foothold for further attacks. It may also lead to unauthorized modification or addition of content related to WooCommerce orders.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'Detection of this vulnerability involves identifying unauthorized or unauthenticated file upload attempts targeting the WooCommerce Checkout Manager plugin\'s AJAX endpoint "ajax_checkout_attachment_upload".'}, {'type': 'paragraph', 'content': 'You can monitor web server logs for POST requests to the AJAX handler URL related to file uploads without proper authentication or nonce verification.'}, {'type': 'paragraph', 'content': 'Example commands to detect suspicious activity include:'}, {'type': 'list_item', 'content': "Using grep to find POST requests to the vulnerable AJAX endpoint in Apache or Nginx logs: grep -i 'POST.*ajax_checkout_attachment_upload' /var/log/apache2/access.log"}, {'type': 'list_item', 'content': 'Checking for requests missing valid nonce parameters or from unauthenticated IPs.'}, {'type': 'list_item', 'content': 'Using WordPress debug or audit logs (if enabled) to identify unauthorized file upload attempts.'}, {'type': 'paragraph', 'content': 'Additionally, scanning for the plugin version installed (versions up to 7.8.1 are vulnerable) can help confirm exposure.'}] [2]

Mitigation Strategies

The primary immediate mitigation step is to update the WooCommerce Checkout Manager plugin to version 7.8.2 or later, where the vulnerability is fixed.

Version 7.8.2 includes multiple security enhancements such as:

  • Strict authorization checks on file uploads, including nonce verification and user/session validation.
  • Limiting the number of files per upload to prevent abuse.
  • Removal of unauthenticated file deletion capabilities.
  • Authorization checks on file deletion ensuring only authenticated and authorized users can delete attachments.

If immediate update is not possible, consider temporarily disabling the file upload feature or restricting access to the AJAX endpoints via web server rules or firewall to prevent unauthenticated access.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12500. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart