{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-67909", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-15T09:59:40.761Z", "datePublished": "2025-12-24T13:10:24.788Z", "dateUpdated": "2026-04-28T16:14:22.929Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "membership-for-woocommerce", "product": "Membership For WooCommerce", "vendor": "WP Swings", "versions": [{"changes": [{"at": "3.0.4", "status": "unaffected"}], "lessThanOrEqual": "3.0.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "timomangcut | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:23:09.825Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Membership For WooCommerce: from n/a through <= 3.0.3.</p>"}], "value": "Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through <= 3.0.3."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:22.929Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/membership-for-woocommerce/vulnerability/wordpress-membership-for-woocommerce-plugin-3-0-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve"}], "title": "WordPress Membership For WooCommerce plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T17:59:46.278840Z", "id": "CVE-2025-67909", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T17:59:54.185Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-67909", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T17:59:46.278840Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-24T18:54:20.667Z"}}], "cna": {"title": "WordPress Membership For WooCommerce plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "timomangcut | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WP Swings", "product": "Membership For WooCommerce", "versions": [{"status": "affected", "changes": [{"at": "3.0.4", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "3.0.3"}], "packageName": "membership-for-woocommerce", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:23:09.825Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/membership-for-woocommerce/vulnerability/wordpress-membership-for-woocommerce-plugin-3-0-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through <= 3.0.3.", "supportingMedia": [{"type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Membership For WooCommerce: from n/a through <= 3.0.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:13:54.292Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67909", "state": "PUBLISHED", "dateUpdated": "2026-04-27T17:59:54.185Z", "dateReserved": "2025-12-15T09:59:40.761Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-12-24T13:10:24.788Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through <= 3.0.3."}], "id": "CVE-2025-67909", "lastModified": "2026-04-27T18:16:47.947", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-12-24T13:16:19.677", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/membership-for-woocommerce/vulnerability/wordpress-membership-for-woocommerce-plugin-3-0-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T18:27:31.344302+00:00", "value": {"mitigation_remediation": ["Upgrade Membership For WooCommerce to the latest available release (preferably >= 3.0.4) to eliminate the IDOR flaw.", "Restrict administrative and plugin\u2011level permissions to only trusted users and explicitly block access to membership endpoints for unauthorised roles.", "Implement input validation on all membership, order, and user\u2011ID parameters to ensure that only entries the current user is authorized to view or modify can be requested, as a defensive measure against future IDOR attempts."], "summary": {"action": "Upgrade Immediately", "impact": "Unauthorized Data Access"}, "threat_synthesis": {"affected_systems": "WordPress installations that have the WP Swings Membership For WooCommerce plugin installed with any version up to and including 3.0.3 are exposed. Sites using older or newer versions are not affected; however, the exact version boundary is only documented as <= 3.0.3.", "description_and_impact": "The vulnerability is an Insecure Direct Object Reference, where an attacker can manipulate user\u2011controlled keys to bypass access control in the Membership For WooCommerce plugin. This allows unauthorized access to membership or order data, potentially modifying status or viewing sensitive customer information. The weakness is classified as CWE\u2011639 \u2013 Authorization Bypass Through User\u2011Controlled Key.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity, but the EPSS score of less than 1% suggests a very low probability of exploitation in the near term, and the vulnerability is not listed in the CISA KEV catalog. The attack requires access to the web application and the ability to supply crafted requests to the plugin\u2019s endpoints; the likely vector is a remote attacker sending manipulated requests to the WordPress admin area or exposed endpoints. Due to the misconfigured access control, even non\u2011privileged users can potentially retrieve or alter membership information."}}}}, "created": "2025-12-29T22:34:34.811782+00:00", "updated": "2026-04-28T18:30:37.343023+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "wpswings", "wpswings$PRODUCT$membership_for_woocommerce"]}