CVE-2025-69401
Awaiting Analysis Awaiting Analysis - Queue

Authentication Bypass in WooODT Lite Plugin Allows Identity Spoofing

Vulnerability report for CVE-2025-69401, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-20

Last updated on: 2026-04-27

Assigner: Patchstack

Description

Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Identity Spoofing.This issue affects WooODT Lite: from n/a through <= 2.5.2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-20
Last Modified
2026-04-27
Generated
2026-07-06
AI Q&A
2026-02-20
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
byconsole woo_odt_lite From 2.0.0 (inc) to 2.5.2 (inc)
mdalabar woo_odt_lite to 2.5.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-290 This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-69401 is an authentication bypass vulnerability in the WordPress WooODT Lite plugin (versions up to and including 2.5.2). It allows unauthenticated attackers to bypass certain code restrictions by spoofing identity, effectively enabling them to perform actions without proper authentication.

This vulnerability is classified under OWASP Top 10 A4: Insecure Design and does not require any privileges to exploit, making it highly dangerous.

Impact Analysis

This vulnerability poses a significant security risk as it allows attackers to bypass authentication and perform unauthorized actions on affected websites.

Because no privileges are required to exploit it, attackers can easily target vulnerable sites, potentially leading to unauthorized access, data manipulation, or other malicious activities.

No official patch is currently available, so users must rely on mitigation rules provided by Patchstack to protect their sites.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

Users are strongly advised to apply Patchstack’s mitigation measures immediately to protect their websites.

No official patch is currently available for this issue, so applying the mitigation rule provided by Patchstack is the recommended immediate step.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69401. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart