CVE-2025-69024

Vulnerability

Overview

The BizPrint plugin for WordPress (print-google-cloud-print-gcp-woocommerce) contains a missing authorization vulnerability in versions up to and including 4.6.7. This is a broken access control issue where the plugin fails to properly verify user permissions or nonce tokens in certain functions, leading to incorrectly configured access control security levels [1].

Exploitation

Attackers can exploit this vulnerability without requiring authentication, as the missing authorization check allows unprivileged users to perform actions that should be restricted to higher-privileged roles. The vulnerability is particularly concerning because it can be used in mass-exploit campaigns targeting thousands of websites regardless of their size or popularity [1].

Impact

Successful exploitation enables an attacker to bypass access controls and potentially execute unauthorized actions within the plugin's functionality that should be protected. While the CVSS score of 6.5 indicates a medium severity, the broken access control can lead to unauthorized data access or modification, depending on the affected functions [1].

Mitigation

The vulnerability has been patched in version 4.7.1 of the BizPrint plugin. Users are strongly advised to update immediately. For those unable to update, contacting a hosting provider or web developer for assistance is recommended. Patchstack users can enable auto-updates for vulnerable plugins [1]