CVE-2025-2266

CRITICAL

Checkout Mestres do WP for WooCommerce <8.7.5 - Privilege Escalation

Title source: llm

Description

The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Exploits (3)

github WORKING POC 40 stars

by iSee857 · pythonpoc

https://github.com/iSee857/CVE-PoC/tree/main/CVE-2025-2266.py

View Code ZIP pw:eip

nomisec WORKING POC 8 stars

by Nxploited · poc

https://github.com/Nxploited/CVE-2025-2266

View Code ZIP pw:eip

github WORKING POC

by Boshe99 · pythonpoc

https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2025-2266

View Code ZIP pw:eip

References (3)

[Product] https://plugins.trac.wordpress.org/browser/checkout-mestres-wp/trunk/backend/core/base/ajax.php#L31

[Product] https://wordpress.org/plugins/checkout-mestres-wp/

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/9834fd5b-8445-4c6f-95f9-f0df785c65f8?source=cve

Scores

CVSS v3 9.8

EPSS 0.0068

EPSS Percentile 71.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-862

Status published

Products (1)

mestresdowp/Checkout Mestres do WP for WooCommerce 8.6.5 - 8.7.5

Published Mar 29, 2025

Tracked Since Feb 18, 2026