CVE-2025-68023
Awaiting Analysis Awaiting Analysis - Queue
Missing Authorization in Addonify Compare Products Plugin

Publication date: 2026-02-20

Last updated on: 2026-04-28

Assigner: Patchstack

Description
Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – Compare Products For WooCommerce: from n/a through <= 1.1.17.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-14
NVD
CVE-2025-68023
EUVD
EUVD-2025-208066
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
addonify addonify_compare_products From 1.1.0 (inc) to 1.1.17 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-68023 is a medium priority vulnerability in the WordPress plugin "Addonify – Compare Products For WooCommerce" versions up to and including 1.1.17.'}, {'type': 'paragraph', 'content': 'The vulnerability is a "Settings Change" issue caused by broken access control, meaning that unauthorized users can improperly change plugin settings.'}, {'type': 'paragraph', 'content': 'This is related to incorrectly configured access control security levels, allowing exploitation by unauthenticated users.'}] [1]

Impact Analysis

This vulnerability allows unauthenticated users to change the settings of the Addonify – Compare Products For WooCommerce plugin.

Improper changes to plugin settings can lead to security risks, potentially affecting the functionality and security posture of your WooCommerce site.

Because the vulnerability has a CVSS score of 6.5, it is considered moderately severe and has a reasonable likelihood of exploitation.

Exploitation could result in unauthorized configuration changes that might compromise site behavior or security.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves unauthorized changes to plugin settings due to broken access control in the Addonify – Compare Products For WooCommerce plugin up to version 1.1.17.

Detection can focus on monitoring for unauthorized access attempts or changes to the plugin settings, especially from unauthenticated users.

While no specific commands are provided, general approaches include:

  • Reviewing web server logs for suspicious POST requests targeting the Addonify plugin endpoints.
  • Using WordPress security plugins or monitoring tools to detect unauthorized configuration changes.
  • Employing network intrusion detection systems (IDS) with rules that identify attempts to exploit this vulnerability, such as those provided by Patchstack.
Mitigation Strategies

The primary immediate mitigation step is to update the Addonify – Compare Products For WooCommerce plugin to version 1.1.18 or later, where this vulnerability is patched.

Until the update can be applied, users can apply mitigation rules provided by Patchstack that block attacks targeting this vulnerability.

Additionally, enabling automatic updates for the plugin can help ensure rapid protection against this and similar vulnerabilities.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68023. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart