Vulnerabilites related to tripleatechnology - Cryptocurrency Payment Gateway for WooCommerce
CVE-2025-12392 (GCVE-0-2025-12392)
Vulnerability from cvelistv5
Published
2025-11-18 09:27
Modified
2025-11-18 09:27
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE
Summary
The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_optin_optout' function in all versions up to, and including, 2.0.22. This makes it possible for unauthenticated attackers to opt in and out of tracking.
References
Impacted products
Vendor Product Version
tripleatechnology Cryptocurrency Payment Gateway for WooCommerce Version: *    2.0.22
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cryptocurrency Payment Gateway for WooCommerce",
          "vendor": "tripleatechnology",
          "versions": [
            {
              "lessThanOrEqual": "2.0.22",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Abhirup Konwar"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027handle_optin_optout\u0027 function in all versions up to, and including, 2.0.22. This makes it possible for unauthenticated attackers to opt in and out of tracking."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-18T09:27:39.093Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/96d48392-fb64-4e5e-be9c-21df0bf75de6?source=cve"
        },
        {
          "url": "https://wordpress.org/plugins/triplea-cryptocurrency-payment-gateway-for-woocommerce/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-11-17T20:53:28.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "Cryptocurrency Payment Gateway for WooCommerce \u003c= 2.0.22 - Missing Authorization to Unauthenticated Tracking Status Update"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-12392",
    "datePublished": "2025-11-18T09:27:39.093Z",
    "dateReserved": "2025-10-28T13:28:46.120Z",
    "dateUpdated": "2025-11-18T09:27:39.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}