CVE-2025-2266

CRITICAL

Checkout Mestres do WP for WooCommerce <8.7.5 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2025-2266. PoCs published by iSee857, Nxploited, Boshe99.

AI-analyzed exploit summary The repository contains functional exploit code for CVE-2025-2266, demonstrating a command execution vulnerability in OpenCode. The PoC sends a crafted request to create a session and execute commands via the shell endpoint.

Description

The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Exploits (3)

github WORKING POC 40 stars
by iSee857 · pythonpoc
https://github.com/iSee857/CVE-PoC/tree/main/CVE-2025-2266.py

The repository contains functional exploit code for CVE-2025-2266, demonstrating a command execution vulnerability in OpenCode. The PoC sends a crafted request to create a session and execute commands via the shell endpoint.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: OpenCode
No auth needed
Prerequisites: network access to the target · OpenCode service running
devstral-2 · analyzed Feb 27, 2026 Full analysis →
nomisec WORKING POC 8 stars
by Nxploited · poc
https://github.com/Nxploited/CVE-2025-2266

This Python script exploits an unauthenticated arbitrary options update vulnerability in the Checkout Mestres do WP for WooCommerce plugin (CVE-2025-2266) to enable user registration and set the default role to administrator, allowing an attacker to create a new admin user.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Checkout Mestres do WP for WooCommerce plugin for WordPress (versions 8.6.5 through 8.7.5)
No auth needed
Prerequisites: Target WordPress site with vulnerable plugin installed · Network access to the target site
devstral-2 · analyzed Feb 16, 2026 Full analysis →
github WORKING POC
by Boshe99 · pythonpoc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2025-2266

The repository contains functional exploit code for CVE-2025-2266, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the vulnerability by uploading a shell file to a vulnerable endpoint.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WordPress Plugin 3DPrint Lite 1.9.1.4
No auth needed
Prerequisites: Target URL · Shell file path
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.0060
EPSS Percentile 43.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-862
Status published
Products (1)
mestresdowp/Checkout Mestres do WP for WooCommerce 8.6.5 - 8.7.5
Published Mar 29, 2025
Tracked Since Feb 18, 2026