PT-2025-40493 · Unknown+1 · Woocommerce+1
Johska
·
Published
2025-10-03
·
Updated
2025-10-08
·
CVE-2025-9286
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Appy Pie Connect for WooCommerce versions up to and including 1.1.2
Description
The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to privilege escalation. A missing authorization check in the reset_user_password() REST handler allows unauthenticated attackers to reset the password of any user, including administrators, which can lead to complete administrative control of the WordPress site. Because the handler performs no authentication or capability check, a single unauthenticated request is enough to exploit the flaw.
Recommendations
Update Appy Pie Connect for WooCommerce to a version later than 1.1.2.
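The following is an added illustrative example and not the plugin's own code: it shows the general shape of the bug the description names (a REST route whose permission_callback allows everyone, in front of a handler that calls wp_set_password() without checking who is asking) beside a hardened version. The route namespace, endpoint paths, parameter names and the `_vulnerable`/`_hardened` suffixes are assumptions; only the handler name reset_user_password() comes from the advisory.

```php
<?php
// Added example, not the plugin's code. Route names and parameters are assumptions.

// VULNERABLE PATTERN: the route is reachable by anyone ('__return_true') and the
// handler never checks who is calling before changing a password.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-connect/v1', '/reset-password', array(
        'methods'             => 'POST',
        'callback'            => 'reset_user_password_vulnerable',
        'permission_callback' => '__return_true', // no authorization at all
    ) );
} );

function reset_user_password_vulnerable( WP_REST_Request $request ) {
    $user = get_user_by( 'email', $request->get_param( 'email' ) );
    if ( ! $user ) {
        return new WP_Error( 'not_found', 'User not found', array( 'status' => 404 ) );
    }
    // An anonymous caller can supply the administrator's e-mail and a new password.
    wp_set_password( $request->get_param( 'password' ), $user->ID );
    return rest_ensure_response( array( 'reset' => true ) );
}

// HARDENED PATTERN: the permission_callback requires an authenticated caller who
// holds the 'edit_user' meta capability for the target account; input is sanitized
// and the handler re-checks the capability rather than trusting the route alone.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-connect/v1', '/reset-password-secure', array(
        'methods'             => 'POST',
        'callback'            => 'reset_user_password_hardened',
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! is_user_logged_in() ) {
                return new WP_Error( 'rest_forbidden', 'Authentication required', array( 'status' => 401 ) );
            }
            $user = get_user_by( 'email', sanitize_email( $request->get_param( 'email' ) ) );
            if ( ! $user || ! current_user_can( 'edit_user', $user->ID ) ) {
                return new WP_Error( 'rest_forbidden', 'Not allowed to reset this user', array( 'status' => 403 ) );
            }
            return true;
        },
        'args' => array(
            'email'    => array( 'required' => true, 'sanitize_callback' => 'sanitize_email' ),
            'password' => array( 'required' => true ),
        ),
    ) );
} );

function reset_user_password_hardened( WP_REST_Request $request ) {
    $user = get_user_by( 'email', $request->get_param( 'email' ) );
    // Defence in depth: never rely on the route definition alone.
    if ( ! $user || ! current_user_can( 'edit_user', $user->ID ) ) {
        return new WP_Error( 'rest_forbidden', 'Not allowed', array( 'status' => 403 ) );
    }
    wp_set_password( $request->get_param( 'password' ), $user->ID );
    return rest_ensure_response( array( 'reset' => true ) );
}
```

Two checks worth knowing when auditing a plugin for this class of bug: a permission_callback of `__return_true` on any state-changing route is the first thing to grep for, and a cookie-authenticated REST request that lacks a valid `X-WP-Nonce` header is treated by WordPress as anonymous, so a correct permission_callback will reject it with 401 rather than silently succeeding.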
Fix
LPE
Weakness Enumeration
Related Identifiers
Affected Products
Appy Pie Connect For Woocommerce
Woocommerce