
CVE-2025-64285: Missing Authorization in Premmerce Premmerce Wholesale Pricing for WooCommerce

Published: Wed Oct 29 2025 (10/29/2025, 08:38:13 UTC)
Source: CVE Database V5
Vendor/Project: Premmerce
Product: Premmerce Wholesale Pricing for WooCommerce

Description

Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through <= 1.1.10.

AI-Powered Analysis

Last updated: 10/29/2025, 09:10:35 UTC

Technical Analysis

CVE-2025-64285 is a missing-authorization weakness (CWE-862) in the Premmerce Wholesale Pricing for WooCommerce plugin (slug premmerce-woocommerce-wholesale-pricing), affecting every version up to and including 1.1.10. In WordPress plugins this bug class almost always means a request handler (an admin-ajax.php action, a REST route, or an admin-post/form handler) that performs a privileged operation without first checking that the caller holds the capability the operation requires, such as manage_woocommerce or manage_options. The CVE record does not name the affected handler or state what privilege level an attacker needs. The Patchstack phrasing "Exploiting Incorrectly Configured Access Control Security Levels" (CAPEC-180) is generic and is used just as often for bugs reachable only by authenticated low-privilege accounts (subscribers, customers) as for unauthenticated ones, so the required access level should be treated as unknown rather than assumed to be none. What the record does support is that a caller who can reach the affected code path can use the plugin's wholesale-pricing functionality without the permission the plugin intended to require; for a pricing plugin that plausibly means reading or changing wholesale price tiers and discounts, which is why the issue matters commercially. No CVSS score or vector was published with the record, so operators have to rate it themselves; unauthorized price manipulation on a live shop justifies treating it as high priority until the affected path is known. No public exploit was reported when the record was published on October 29, 2025. The record lists no fixed version; check the plugin's changelog for a release newer than 1.1.10 before concluding that no patch exists.
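To make the flaw class concrete, the following is an added illustration and not the plugin's code (the CVE record does not show the affected handler): a hypothetical WordPress AJAX handler that saves a per-product wholesale price, first with the missing-authorization bug and then hardened. The action name wholesale_save_price, the nonce action of the same name and the meta key _wholesale_price are assumptions made for the example; wc_get_product, wc_format_decimal, check_ajax_referer, current_user_can and wp_send_json_error are real WordPress/WooCommerce functions.

```php
<?php
/**
 * Added example, not Premmerce code: a hypothetical AJAX handler that updates a
 * per-product wholesale price, shown with a missing-authorization bug (CWE-862)
 * and then in hardened form. Loadable as an mu-plugin for experimentation.
 *
 * Assumed names (not from the advisory): action "wholesale_save_price",
 * nonce action "wholesale_save_price", product meta key "_wholesale_price".
 */

// --- Vulnerable form --------------------------------------------------------
// Registered for logged-in users AND anonymous visitors (wp_ajax_nopriv_), and
// the body checks neither a capability nor a nonce, so anyone who can POST to
// /wp-admin/admin-ajax.php?action=wholesale_save_price can rewrite the price.
function vuln_wholesale_save_price() {
    $product_id = absint( $_POST['product_id'] ?? 0 );
    $price      = wc_format_decimal( wp_unslash( $_POST['price'] ?? '' ) );

    update_post_meta( $product_id, '_wholesale_price', $price );
    wp_send_json_success( array( 'product_id' => $product_id, 'price' => $price ) );
}
// Registrations left commented out so this file does not register both handlers
// on the same action; a buggy plugin would have these two lines live:
// add_action( 'wp_ajax_wholesale_save_price',        'vuln_wholesale_save_price' );
// add_action( 'wp_ajax_nopriv_wholesale_save_price', 'vuln_wholesale_save_price' );

// --- Hardened form ----------------------------------------------------------
// 1. No wp_ajax_nopriv_ registration: anonymous requests never reach the code.
// 2. check_ajax_referer() rejects requests without a valid nonce (CSRF).
// 3. current_user_can() enforces the capability the operation needs:
//    'manage_woocommerce' (shop managers and administrators) plus the per-post
//    'edit_post' meta capability for this specific product.
// 4. Input is validated before it is persisted.
function safe_wholesale_save_price() {
    check_ajax_referer( 'wholesale_save_price', 'nonce' ); // dies with 403 on failure

    $product_id = absint( $_POST['product_id'] ?? 0 );
    $product    = $product_id ? wc_get_product( $product_id ) : null;
    if ( ! $product ) {
        wp_send_json_error( array( 'message' => 'unknown product' ), 404 );
    }

    // Authorization: this is the check a CWE-862 bug leaves out.
    if ( ! current_user_can( 'manage_woocommerce' ) || ! current_user_can( 'edit_post', $product_id ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    $price = wc_format_decimal( wp_unslash( $_POST['price'] ?? '' ) );
    if ( '' === $price || ! is_numeric( $price ) || (float) $price < 0 ) {
        wp_send_json_error( array( 'message' => 'invalid price' ), 400 );
    }

    update_post_meta( $product_id, '_wholesale_price', $price );
    wp_send_json_success( array( 'product_id' => $product_id, 'price' => $price ) );
}
add_action( 'wp_ajax_wholesale_save_price', 'safe_wholesale_save_price' );
// Deliberately no wp_ajax_nopriv_ registration for the hardened handler.
```

The client side of the hardened handler must send a nonce created with wp_create_nonce( 'wholesale_save_price' ) in the POST field nonce. Note that the nonce alone is not authorization: a logged-in customer can obtain a valid nonce from any page that prints one, so the current_user_can() check is the control that actually decides who may change prices, and the nonce only stops cross-site request forgery against users who do hold that capability.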

Potential Impact

For European organizations the exposure is any WooCommerce shop running the Premmerce Wholesale Pricing plugin at version 1.1.10 or earlier. Unauthorized modification of wholesale prices translates directly into financial loss (orders placed at manipulated prices, refunds, chargebacks), contractual disputes with wholesale customers who were shown incorrect tiers, and operational disruption while pricing is audited and corrected. Because wholesale pricing typically encodes negotiated B2B terms, exposure or alteration of those tiers also affects supplier and reseller relationships and customer trust. WooCommerce has a large share of Europe's e-commerce deployments, so the affected population ranges from SMEs to larger retailers. The advisory does not state the privilege level needed to trigger the flaw; if the affected handler turns out to be reachable by low-privilege accounts, the attacker pool on a shop with open customer registration is every registered customer, and if it is reachable without a session it is anyone on the internet. Manipulated price data is also a practical pivot for fraud: a discount planted by an attacker can be redeemed through ordinary orders that look legitimate to the shop's own staff.

Mitigation Recommendations

1. Track Patchstack's advisory for CVE-2025-64285 and the plugin's own changelog. The record lists 1.1.10 as the last affected version, so any later release should be tested in staging and deployed promptly (for example with wp plugin update premmerce-woocommerce-wholesale-pricing in WP-CLI).
2. Until a fixed version is installed, assume the affected handler can be reached by any account the site allows to log in: review whether open customer registration (the users_can_register option under Settings > General) is actually needed, and disable the plugin if wholesale pricing is not in active use.
3. Enforce least privilege on roles: only shop managers and administrators should hold manage_woocommerce and the product-editing capabilities, and stale privileged accounts should be removed.
4. Log and monitor changes to product and pricing data. WordPress and WooCommerce ship no change audit for post meta, so use an activity-log plugin or a custom hook, and alert on price edits made by user ID 0 (no session) or by accounts that do not hold manage_woocommerce.
5. Review user permissions and plugin configuration on a fixed schedule rather than only after an incident.
6. WAF rules can only be precise once the affected endpoint or action name is public, and the advisory does not state it; until then, rate-limiting admin-ajax.php and the REST API for unauthenticated sources is the realistic interim control, and it should be expected to reduce rather than eliminate exposure.
7. Brief staff to report anomalies such as unexpected wholesale prices, tiers or discounts, since a pricing change is often noticed by a salesperson before it shows up in any log.
8. Test plugin updates in a staging copy before production deployment.
9. Keep WordPress core, WooCommerce, themes and all other plugins current, since a second vulnerability elsewhere on the site is the most likely way an attacker obtains the account needed to reach this one.
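As a concrete form of recommendation 4, the following is an added example (not Premmerce code and not part of the original advisory) of a small must-use plugin that records every change to product metadata together with the acting user, request route and old and new values, using WooCommerce's own logger. It logs all product meta keys rather than only wholesale ones because the plugin's meta keys are not published in the advisory; the log source name pricelog is an assumption for the example.

```php
<?php
/**
 * Added example, not Premmerce code: audit every product meta change.
 * Install as wp-content/mu-plugins/pricelog.php. Entries appear under
 * WooCommerce > Status > Logs with source "pricelog" (assumed name).
 */

// Only product and variation posts are of interest.
function pricelog_is_product( $post_id ) {
    return in_array( get_post_type( $post_id ), array( 'product', 'product_variation' ), true );
}

// 'update_post_meta' fires before the row is written, so the old value is still readable.
function pricelog_capture_old( $meta_id, $post_id, $meta_key, $meta_value ) {
    if ( pricelog_is_product( $post_id ) ) {
        $GLOBALS['pricelog_old'][ $post_id . ':' . $meta_key ] = get_post_meta( $post_id, $meta_key, true );
    }
}
add_action( 'update_post_meta', 'pricelog_capture_old', 10, 4 );

// Shared writer for both the "updated" and "added" cases.
function pricelog_write( $post_id, $meta_key, $old, $new ) {
    if ( ! pricelog_is_product( $post_id ) || $old === $new ) {
        return;
    }
    $entry = array(
        'ts'      => gmdate( 'c' ),
        'user'    => get_current_user_id(),                    // 0 = no session
        'caps'    => current_user_can( 'manage_woocommerce' ) ? 'manage_woocommerce' : 'none',
        'ip'      => $_SERVER['REMOTE_ADDR'] ?? '',
        'route'   => $_SERVER['REQUEST_URI'] ?? ( defined( 'WP_CLI' ) ? 'wp-cli' : 'cron' ),
        'action'  => $_REQUEST['action'] ?? '',                // admin-ajax action, if any
        'product' => $post_id,
        'key'     => $meta_key,
        'old'     => $old,
        'new'     => $new,
    );
    // A price change without a session, or by a caller lacking manage_woocommerce,
    // is exactly the signature a missing-authorization bug would leave.
    $level = ( 0 === $entry['user'] || 'none' === $entry['caps'] ) ? 'warning' : 'info';
    wc_get_logger()->log( $level, wp_json_encode( $entry ), array( 'source' => 'pricelog' ) );
}

// 'updated_post_meta' fires after an existing key is changed.
function pricelog_on_updated( $meta_id, $post_id, $meta_key, $meta_value ) {
    $k   = $post_id . ':' . $meta_key;
    $old = $GLOBALS['pricelog_old'][ $k ] ?? null;
    unset( $GLOBALS['pricelog_old'][ $k ] );
    pricelog_write( $post_id, $meta_key, $old, $meta_value );
}
add_action( 'updated_post_meta', 'pricelog_on_updated', 10, 4 );

// 'added_post_meta' fires when a key is created for the first time; there is no old value.
function pricelog_on_added( $meta_id, $post_id, $meta_key, $meta_value ) {
    pricelog_write( $post_id, $meta_key, null, $meta_value );
}
add_action( 'added_post_meta', 'pricelog_on_added', 10, 4 );
```

The hooks cover WooCommerce's own _price, _regular_price and _sale_price as well as any plugin-defined meta, so the same log also catches tampering that bypasses the plugin's UI. Ship the wc-logs directory to the SIEM and alert on level warning from source pricelog; legitimate bulk imports run by an administrator will log at info and should not page anyone.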


Technical Details

Data Version
5.1
Assigner Short Name
Patchstack
Date Reserved
2025-10-29T03:29:08.849Z
Cvss Version
null
State
PUBLISHED

Threat ID: 6901d66086d093201c2b623c

Added to database: 10/29/2025, 8:54:56 AM

Last enriched: 10/29/2025, 9:10:35 AM

Last updated: 10/29/2025, 10:24:30 AM
