Checkout Mestres do WP for WooCommerce Unauthenticated Privilege Escalation Vulnerability

Vulnerability

A vulnerability exists in the Checkout Mestres do WP for WooCommerce plugin for WordPress, specifically in versions 8.6.5 prior to 8.7.5. The issue arises from a missing capability check in the cwmpUpdateOptions() function, allowing unauthenticated attackers to arbitrarily modify WordPress options. This vulnerability can be exploited to change the default user role for new registrations to administrator, thereby granting administrative access to the attacker on the affected WordPress site.

Impact

Exploitation of this vulnerability allows unauthorized users to gain administrative privileges on the WordPress site.

Remediation

No known patch is available. It is recommended to uninstall the affected plugin and find a replacement.
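
A triage check for sites that ran the affected plugin, added here as an example and not taken from the advisory or the plugin. It flags a privileged default_role, open registration, and administrator accounts registered after an assumed exposure date. The function names, the exposure date, the sample rows and the default wp_ table prefix are assumptions.

```python
import re
from datetime import datetime

PRIVILEGED = {"administrator", "editor", "shop_manager"}
# Role keys switched on (b:1) in a PHP-serialized wp_capabilities value,
# e.g. a:1:{s:13:"administrator";b:1;}
ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')

def roles_of(serialized):
    """Roles enabled in one wp_capabilities usermeta value."""
    return set(ROLE_RE.findall(serialized or ""))

def audit(options, users, exposed_since):
    """Return (code, detail) findings for the option tampering described above.

    options: option_name -> option_value, as read from wp_options
    users: dicts with user_login, user_registered (UTC) and wp_capabilities
    exposed_since: assumed time the affected plugin version became active
    """
    findings = []
    role = options.get("default_role", "subscriber")
    if role in PRIVILEGED:
        findings.append(("default_role", role))
        # Open registration makes the tampered default a self-service grant.
        if options.get("users_can_register") == "1":
            findings.append(("open_registration", "1"))
    for u in users:
        registered = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= exposed_since and "administrator" in roles_of(u["wp_capabilities"]):
            findings.append(("new_admin", u["user_login"]))
    return findings

# Constructed sample rows, not taken from any real site.
SAMPLE_OPTIONS = {"default_role": "administrator", "users_can_register": "1"}
SAMPLE_USERS = [
    {"user_login": "site-owner", "user_registered": "2023-02-11 09:14:02",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_login": "jdoe4821", "user_registered": "2025-06-10 03:41:55",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_login": "shopper", "user_registered": "2025-06-10 11:20:00",
     "wp_capabilities": 'a:1:{s:8:"customer";b:1;}'},
]

if __name__ == "__main__":
    for code, detail in audit(SAMPLE_OPTIONS, SAMPLE_USERS, datetime(2025, 6, 1)):
        print(code, detail)
```

Any new_admin finding should be confirmed with the site owner before the account is removed, since legitimate administrators may also have been created in the same window.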

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.1
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.