Appy Pie Connect for WooCommerce Privilege Escalation Vulnerability in Password Reset REST Handler
Vulnerability
A privilege escalation vulnerability has been identified in the Appy Pie Connect for WooCommerce plugin for WordPress, affecting all versions through 1.1.2. The vulnerability arises from a lack of proper authorization in the reset_user_password() REST handler, allowing unauthenticated attackers to reset the passwords of arbitrary users, including administrators. This could lead to unauthorized administrative access.
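The kind of authorization check whose absence is described above, as an added example that is not the plugin's own code. The namespace example/v1, the route pattern and the example_* function names are hypothetical; only the WordPress core functions are real.

```php
<?php
// Added illustration. Hypothetical names: example/v1, example_can_reset_password,
// example_reset_user_password. This is not code from the affected plugin.

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/users/(?P<id>\d+)/password', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'callback'            => 'example_reset_user_password',
        // Weak form of this setting: '__return_true', which lets any
        // unauthenticated caller reach the callback below.
        'permission_callback' => 'example_can_reset_password',
        'args'                => array(
            'id'       => array( 'required' => true, 'sanitize_callback' => 'absint' ),
            'password' => array( 'required' => true, 'type' => 'string' ),
        ),
    ) );
} );

// Authorization gate: the caller must be logged in and must hold the
// capability to edit the specific target account.
function example_can_reset_password( WP_REST_Request $request ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_forbidden', 'Authentication required.', array( 'status' => 401 ) );
    }
    $target_id = absint( $request['id'] );
    if ( ! current_user_can( 'edit_user', $target_id ) ) {
        return new WP_Error( 'rest_forbidden', 'Not allowed to edit this user.', array( 'status' => 403 ) );
    }
    return true;
}

// Runs only after the permission callback has returned true.
function example_reset_user_password( WP_REST_Request $request ) {
    $user = get_userdata( absint( $request['id'] ) );
    if ( ! $user ) {
        return new WP_Error( 'rest_user_invalid', 'Unknown user.', array( 'status' => 404 ) );
    }
    wp_set_password( $request['password'], $user->ID );
    return rest_ensure_response( array( 'reset' => true ) );
}
```

When reviewing a plugin, search its register_rest_route() calls for a missing permission_callback or one set to '__return_true' on any route that changes account state.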
Impact
Exploitation of this vulnerability allows for unauthorized password resets, potentially leading to unauthorized administrative access on the WordPress site.
Added: Oct 3, 2025, 12:24 PM
Updated: Oct 3, 2025, 12:24 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 8.1
remediation: 0.0
relevance: 0.6
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
