Skip to main content

CVE-2025-39362: CWE-862 Missing Authorization in Mollie Mollie Payments for WooCommerce

Medium
VulnerabilityCVE-2025-39362cvecve-2025-39362cwe-862
Published: Wed Jul 02 2025 (07/02/2025, 10:59:06 UTC)
Source: CVE Database V5
Vendor/Project: Mollie
Product: Mollie Payments for WooCommerce

Description

Missing Authorization vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 8.0.2.

AI-Powered Analysis

AILast updated: 07/02/2025, 11:24:33 UTC

Technical Analysis

CVE-2025-39362 is a Missing Authorization vulnerability (CWE-862) identified in the Mollie Payments plugin for WooCommerce, affecting versions up to and including 8.0.2. Mollie Payments is a widely used payment gateway integration for WooCommerce, a popular e-commerce platform on WordPress. The vulnerability arises because the plugin fails to properly enforce authorization checks on certain operations, allowing unauthorized users to perform actions that should be restricted. According to the CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L), the vulnerability can be exploited remotely over the network without any privileges or user interaction, making it relatively easy to exploit. The impact primarily affects the integrity and availability of the system, as unauthorized actors could manipulate payment-related data or disrupt payment processing. However, confidentiality is not directly impacted. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that remediation may still be pending or in development. The vulnerability's medium severity score of 6.5 reflects the moderate risk posed by the lack of authorization controls, especially given the critical role payment plugins play in e-commerce operations.

Potential Impact

For European organizations, especially those operating e-commerce websites using WooCommerce with the Mollie Payments plugin, this vulnerability poses a significant risk. Unauthorized manipulation of payment transactions could lead to financial discrepancies, fraudulent transactions, or denial of payment services, impacting business revenue and customer trust. Given the GDPR and other stringent data protection regulations in Europe, any disruption or manipulation of payment data could also lead to regulatory scrutiny if it results in data integrity issues or affects customer transactions. The vulnerability could be exploited to alter order statuses, payment confirmations, or refund processes, potentially causing financial loss or operational disruption. Since WooCommerce is popular among small to medium enterprises across Europe, the scope of affected organizations is broad. Additionally, the lack of authentication requirement means attackers can attempt exploitation at scale, increasing the threat surface.

Mitigation Recommendations

Organizations should immediately verify if they are running Mollie Payments for WooCommerce version 8.0.2 or earlier and plan to update to a patched version once available. Until a patch is released, administrators should consider temporarily disabling the Mollie Payments plugin or restricting access to the WooCommerce admin interface to trusted IP addresses only. Implementing Web Application Firewall (WAF) rules to monitor and block suspicious requests targeting payment endpoints can help mitigate exploitation attempts. Regularly auditing payment transaction logs for anomalies and unauthorized changes is critical. Additionally, organizations should enforce strict role-based access controls within WordPress and WooCommerce to minimize the risk of unauthorized actions by internal or external actors. Monitoring vendor communications for patch releases and applying updates promptly is essential to close this security gap.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Patchstack
Date Reserved
2025-04-16T06:22:20.495Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 686513796f40f0eb729268da

Added to database: 7/2/2025, 11:09:45 AM

Last enriched: 7/2/2025, 11:24:33 AM

Last updated: 7/3/2025, 3:52:58 AM

Views: 6

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats