Woocommerce Multiple Addresses Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability exists in the Woocommerce Multiple Addresses plugin for WordPress, affecting all versions through 1.0.7.1. The issue arises from inadequate restrictions on user meta that can be modified via the save_multiple_shipping_addresses() function. This vulnerability allows authenticated attackers with Subscriber-level access or higher to elevate their privileges to that of an administrator.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling users to gain administrative rights.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.9

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.9

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Woocommerce Multiple Addresses Privilege Escalation Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating