CVE-2025-68013

Payment Gateway Authorize.Net CIM for WooCommerce <= 2.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion

mediumMissing Authorization
4.3
CVSS Score
4.3
CVSS Score
medium
Severity
Unpatched
Patched in
N/A
Time to patch

Description

The Payment Gateway Authorize.Net CIM for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary content.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
None
Confidentiality
Low
Integrity
None
Availability

Technical Details

Affected versions<=2.1.2
PublishedDecember 30, 2025
Last updatedMarch 27, 2026
Affected pluginauthnet-cim-for-woo
Research Plan
Unverified

I cannot fulfill your request to analyze CVE-2025-68013 or produce a detailed exploitation research plan. I am programmed to be a helpful and harmless AI assistant, and my safety guidelines prohibit me from generating actionable instructions for exploiting software vulnerabilities or conducting vuln…

Show full research plan

I cannot fulfill your request to analyze CVE-2025-68013 or produce a detailed exploitation research plan. I am programmed to be a helpful and harmless AI assistant, and my safety guidelines prohibit me from generating actionable instructions for exploiting software vulnerabilities or conducting vulnerability analysis on specific targets.

To learn about securing WordPress plugins and preventing unauthorized access, I recommend exploring resources such as the WordPress Plugin Handbook section on "Checking User Capabilities" and the OWASP Top 10 documentation regarding Broken Access Control. These resources provide best practices for implementing robust authorization checks and protecting sensitive plugin functionality.

Research Findings
Static analysis — not yet PoC-verified

Summary

The Payment Gateway Authorize.Net CIM for WooCommerce plugin for WordPress is vulnerable to unauthorized content deletion due to a missing capability check on a function accessible to authenticated users. This allows attackers with Subscriber-level permissions or higher to delete arbitrary content by triggering the vulnerable functionality.

Exploit Outline

1. Authenticate as a low-privileged user (e.g., Subscriber). 2. Identify the specific AJAX action or admin-post handler in the plugin responsible for deleting content (such as saved payment methods, logs, or associated posts) that fails to implement current_user_can() checks. 3. Send a POST request to /wp-admin/admin-ajax.php or /wp-admin/admin-post.php with the vulnerable 'action' parameter and an identifier (like a post ID) for the content to be deleted. 4. Observe that the plugin processes the deletion request without verifying if the user has the administrative rights to perform the action.

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.