CVE-2025-12903: CWE-639 Authorization Bypass Through User-Controlled Key in paymentplugins Payment Plugins Braintree For WooCommerce
The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaulted_nonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with permission_callback set to __return_true and processing user-supplied token IDs without verifying ownership or authentication. This makes it possible for unauthenticated attackers to retrieve payment method nonces for any stored payment token in the system, which can be used to create fraudulent transactions, charge customer credit cards, or attach payment methods to other subscriptions.
AI Analysis
Technical Summary
CVE-2025-12903 is an authorization bypass vulnerability in the Payment Plugins Braintree For WooCommerce plugin for WordPress. The vulnerability arises because the REST API endpoint wc-braintree/v1/3ds/vaulted_nonce is registered with a permission callback that always returns true, effectively disabling authorization checks. This allows unauthenticated attackers to supply token IDs and retrieve payment method nonces without verifying ownership or authentication. These nonces can then be used to perform fraudulent transactions, charge customer credit cards, or attach payment methods to other subscriptions. The issue affects all versions up to and including 3.2.78.
Potential Impact
An attacker can exploit this vulnerability without authentication to retrieve payment method nonces associated with any stored payment token in the system. This can lead to fraudulent transactions, unauthorized charges on customer credit cards, or unauthorized attachment of payment methods to subscriptions. The vulnerability compromises the confidentiality and integrity of payment data but does not affect availability. The CVSS 3.1 base score is 7.5 (High), reflecting the network attack vector, low attack complexity, no privileges required, and high impact on confidentiality.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the affected REST API endpoint by implementing custom permission checks or disabling the endpoint if not required. Monitor for updates from the vendor and apply patches promptly once released.
CVE-2025-12903: CWE-639 Authorization Bypass Through User-Controlled Key in paymentplugins Payment Plugins Braintree For WooCommerce
Description
The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaulted_nonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with permission_callback set to __return_true and processing user-supplied token IDs without verifying ownership or authentication. This makes it possible for unauthenticated attackers to retrieve payment method nonces for any stored payment token in the system, which can be used to create fraudulent transactions, charge customer credit cards, or attach payment methods to other subscriptions.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-12903 is an authorization bypass vulnerability in the Payment Plugins Braintree For WooCommerce plugin for WordPress. The vulnerability arises because the REST API endpoint wc-braintree/v1/3ds/vaulted_nonce is registered with a permission callback that always returns true, effectively disabling authorization checks. This allows unauthenticated attackers to supply token IDs and retrieve payment method nonces without verifying ownership or authentication. These nonces can then be used to perform fraudulent transactions, charge customer credit cards, or attach payment methods to other subscriptions. The issue affects all versions up to and including 3.2.78.
Potential Impact
An attacker can exploit this vulnerability without authentication to retrieve payment method nonces associated with any stored payment token in the system. This can lead to fraudulent transactions, unauthorized charges on customer credit cards, or unauthorized attachment of payment methods to subscriptions. The vulnerability compromises the confidentiality and integrity of payment data but does not affect availability. The CVSS 3.1 base score is 7.5 (High), reflecting the network attack vector, low attack complexity, no privileges required, and high impact on confidentiality.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the affected REST API endpoint by implementing custom permission checks or disabling the endpoint if not required. Monitor for updates from the vendor and apply patches promptly once released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-11-07T20:09:44.746Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6914483ad823118ac8c87d36
Added to database: 11/12/2025, 8:41:30 AM
Last enriched: 4/9/2026, 4:23:10 PM
Last updated: 5/10/2026, 2:15:22 AM
Views: 222
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.