CVE-2025-68023
Awaiting Analysis - Queue
Missing Authorization in Addonify Compare Products Plugin

Publication date: 2026-02-20

Last updated on: 2026-04-28

Assigner: Patchstack

Description
Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Addonify – Compare Products For WooCommerce: from n/a through <= 1.1.17.
Meta Information
Published: 2026-02-20
Last Modified: 2026-04-28
Generated: 2026-05-27
AI Q&A: 2026-02-20
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
addonify | addonify_compare_products | From 1.1.0 (inc) to 1.1.17 (inc)
CWE ID | Description
CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-68023 is a medium priority vulnerability in the WordPress plugin "Addonify – Compare Products For WooCommerce" versions up to and including 1.1.17.

The vulnerability is a "Settings Change" issue caused by broken access control, meaning that unauthorized users can improperly change plugin settings.

This is related to incorrectly configured access control security levels, allowing exploitation by unauthenticated users. [1]


How can this vulnerability impact me?

This vulnerability allows unauthenticated users to change the settings of the Addonify – Compare Products For WooCommerce plugin.

Improper changes to plugin settings can lead to security risks, potentially affecting the functionality and security posture of your WooCommerce site.

Because the vulnerability has a CVSS score of 6.5, it is considered moderately severe and has a reasonable likelihood of exploitation.

Exploitation could result in unauthorized configuration changes that might compromise site behavior or security.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves unauthorized changes to plugin settings due to broken access control in the Addonify – Compare Products For WooCommerce plugin up to version 1.1.17.

Detection can focus on monitoring for unauthorized access attempts or changes to the plugin settings, especially from unauthenticated users.

While no specific commands are provided, general approaches include:

  • Reviewing web server logs for suspicious POST requests targeting the Addonify plugin endpoints.
  • Using WordPress security plugins or monitoring tools to detect unauthorized configuration changes.
  • Employing network intrusion detection systems (IDS) with rules that identify attempts to exploit this vulnerability, such as those provided by Patchstack.

What immediate steps should I take to mitigate this vulnerability?

The primary immediate mitigation step is to update the Addonify – Compare Products For WooCommerce plugin to version 1.1.18 or later, where this vulnerability is patched.

Until the update can be applied, users can apply mitigation rules provided by Patchstack that block attacks targeting this vulnerability.

Additionally, enabling automatic updates for the plugin can help ensure rapid protection against this and similar vulnerabilities.
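To confirm which installs still need the update, the following added example (not code from this page, Patchstack, or the plugin's authors) reads the plugin's header the way WordPress does and classifies each site against the affected range above. It assumes the default `wp-content/plugins/` location; the function names are illustrative.

```python
import re
import sys
from pathlib import Path

SLUG = "addonify-compare-products"  # plugin slug as given in the advisory
LAST_AFFECTED = (1, 1, 17)          # advisory: affected "through <= 1.1.17"

# WordPress takes plugin metadata from header comments in the first 8 KB
# of the plugin's main PHP file; this mirrors that lookup for "Version:".
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:", re.I | re.M)

def parse_version(text):
    """Return the header version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text[:8192])
    nums = re.findall(r"\d+", m.group(1)) if m else []
    return tuple(int(n) for n in nums) or None

def is_affected(version):
    """True if version <= 1.1.17, padding so (1, 1) compares as 1.1.0."""
    width = max(len(version), len(LAST_AFFECTED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) <= pad(LAST_AFFECTED)

def status(wp_root):
    """Classify one WordPress install. Assumes the default plugin path."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return "not-installed"
    for php in sorted(plugin_dir.glob("*.php")):
        text = php.read_text(encoding="utf-8", errors="replace")
        if NAME_RE.search(text[:8192]):
            version = parse_version(text)
            if version is None:
                return "unknown"
            return "affected" if is_affected(version) else "patched"
    return "unknown"

if __name__ == "__main__":
    # Usage: python check_addonify.py /var/www/site1 /var/www/site2 ...
    results = {root: status(root) for root in sys.argv[1:]}
    for root, state in results.items():
        print(f"{state:14} {root}")
    sys.exit(1 if "affected" in results.values() else 0)
```

The script exits non-zero when any listed install is still at 1.1.17 or earlier, so it can gate a patch-verification job. Sites that relocate the plugin directory report `not-installed` and need the path adjusted.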

