CVE-2025-68025

Vulnerability

Overview

The Addonify Floating Cart For WooCommerce plugin versions up to and including 1.2.17 contain a missing authorization vulnerability. This flaw stems from incorrectly configured access control security levels, allowing unauthenticated users to bypass intended restrictions [1].

Exploitation

Details

The vulnerability can be exploited without authentication. Attackers do not need a valid account or any special privileges. The attack vector is over the network, and the complexity is low. No user interaction is required, making it feasible for mass exploitation campaigns targeting thousands of WordPress sites [1].

Potential

Impact

Successful exploitation could allow an unprivileged attacker to perform actions that should be restricted to higher-privileged users. This may include modifying settings or accessing sensitive data, leading to partial compromise of the site's confidentiality, integrity, or availability (CVSS base score 6.5) [1].

Mitigation

The vendor has not released a patch at the time of publication. Users are advised to update the plugin to a patched version once available. As an immediate workaround, consider disabling the plugin or implementing a web application firewall rule to block malicious requests targeting this vulnerability [1].