CVE-2025-68023
Description
Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – Compare Products For WooCommerce: from n/a through <= 1.1.17.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in Addonify – Compare Products for WooCommerce allows unauthenticated attackers to change plugin settings.
Vulnerability
Description The Addonify – Compare Products for WooCommerce plugin for WordPress versions up to 1.1.17 contains a missing authorization vulnerability. This flaw allows attackers to exploit incorrectly configured access control security levels, enabling unauthorized modification of plugin settings [1].
Exploitation
An unauthenticated attacker can exploit this vulnerability by sending specially crafted requests to the vulnerable endpoint. No authentication is required, making it accessible to anyone with network access to the WordPress site [1].
Impact
Successful exploitation allows an attacker to modify the plugin's settings, which could lead to redirecting product comparison pages, injecting malicious content, or disrupting the functionality of the compare feature. This can affect the user experience and potentially compromise the site's integrity [1].
Mitigation
The vendor has released version 1.1.18 which fixes the vulnerability. Users are strongly advised to update immediately. For those unable to update, Patchstack offers a mitigation rule until the update can be applied [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=1.1.17
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.