PT-2025-46580 · Unknown+1 · Woocommerce+1

Published: 2025-11-12 · Updated: 2025-11-12 · CVE-2025-12903

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Braintree For WooCommerce, versions up to and including 3.2.78
Description: The Payment Plugins Braintree For WooCommerce plugin for WordPress is susceptible to authorization bypass because of a missing capability check on the /wc-braintree/v1/3ds/vaulted nonce API endpoint. The endpoint is registered with a permission callback that always returns true, so it processes user-supplied token IDs without authentication or ownership verification. This allows unauthenticated attackers to retrieve payment method nonces for any stored payment token, which can lead to fraudulent transactions, unauthorized charges, or attachment of payment methods to other subscriptions. The vulnerable parameter is the token ID.
Recommendations: Update Braintree For WooCommerce to a version later than 3.2.78.
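The weakness described above is a WordPress REST route whose `permission_callback` returns true unconditionally. The following PHP is an added illustration, not code from the plugin or from the advisory's authors: it shows that registration pattern next to a hardened one that requires authentication, a capability, and that the requested WooCommerce payment token belongs to the caller. The route namespace and path come from the advisory; the function names, the `token_id` parameter name, the `read` capability and the handler body are assumptions.

```php
<?php
// Added example (not the plugin's code). Route namespace/path are from the
// advisory; every function name, the 'token_id' parameter and the capability
// used here are assumptions for illustration.

// Vulnerable pattern: '__return_true' as permission_callback means any caller,
// authenticated or not, reaches the handler with an arbitrary token ID.
// Shown for contrast only; it is never hooked into rest_api_init below.
function example_register_vaulted_route_vulnerable() {
    register_rest_route( 'wc-braintree/v1', '/3ds/vaulted', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'callback'            => 'example_vaulted_nonce_handler', // assumed name
        'permission_callback' => '__return_true',                // no check at all
    ) );
}

// Hardened pattern: authentication, capability and ownership are enforced in
// the permission callback, and the parameter is typed and sanitized.
function example_register_vaulted_route_hardened() {
    register_rest_route( 'wc-braintree/v1', '/3ds/vaulted', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'callback'            => 'example_vaulted_nonce_handler',    // assumed name
        'permission_callback' => 'example_vaulted_nonce_permission', // assumed name
        'args'                => array(
            'token_id' => array( // assumed parameter name
                'required'          => true,
                'type'              => 'integer',
                'sanitize_callback' => 'absint',
            ),
        ),
    ) );
}
add_action( 'rest_api_init', 'example_register_vaulted_route_hardened' );

/**
 * Permission callback: the handler only runs for a logged-in user who owns
 * the payment token named in the request.
 */
function example_vaulted_nonce_permission( WP_REST_Request $request ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_forbidden', 'Authentication required.', array( 'status' => 401 ) );
    }
    // 'read' is the baseline capability of a customer account (assumption; pick
    // whatever capability the feature actually requires).
    if ( ! current_user_can( 'read' ) ) {
        return new WP_Error( 'rest_forbidden', 'Insufficient capability.', array( 'status' => 403 ) );
    }
    // Ownership check: WC_Payment_Tokens::get() returns the stored token object
    // or null; compare its owner with the current user.
    $token = WC_Payment_Tokens::get( absint( $request->get_param( 'token_id' ) ) );
    if ( ! $token || (int) $token->get_user_id() !== get_current_user_id() ) {
        // Same response for "does not exist" and "belongs to someone else", so the
        // endpoint does not reveal which token IDs are valid.
        return new WP_Error( 'rest_forbidden', 'Payment method not found.', array( 'status' => 404 ) );
    }
    return true;
}

/**
 * Handler (assumed). Re-loads the token it was authorized for; generating the
 * gateway nonce itself would call the payment gateway SDK and is out of scope.
 */
function example_vaulted_nonce_handler( WP_REST_Request $request ) {
    $token = WC_Payment_Tokens::get( absint( $request->get_param( 'token_id' ) ) );
    return rest_ensure_response( array(
        'token_id' => $token->get_id(),
        'gateway'  => $token->get_gateway_id(),
    ) );
}
```

Putting the ownership check in `permission_callback` rather than inside the handler means WordPress rejects the request before any handler code runs, and a reviewer can audit a single place per route for the missing-check pattern that this advisory describes.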

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2025-12903

Affected Products

Braintree For Woocommerce
Woocommerce