CVE-2025-68023 identifies a missing authorization vulnerability in the Addonify – Compare Products For WooCommerce plugin, specifically affecting versions up to and including 1.1.17. The vulnerability arises from incorrectly configured access control security levels within the plugin, which can be exploited by attackers to bypass authorization checks. This means that unauthorized users could potentially perform actions or access data that should be restricted, undermining the integrity and confidentiality of the e-commerce platform. The plugin is designed to enhance WooCommerce by enabling product comparison features, and its improper access control could allow attackers to manipulate product comparison data or gain insights into product configurations. Although no exploits have been reported in the wild, the vulnerability is publicly disclosed and assigned a CVE identifier, indicating that it is recognized and should be addressed. The lack of a CVSS score suggests that the vulnerability has not yet been fully assessed for severity, but the nature of missing authorization typically represents a significant security risk. The vulnerability affects WordPress sites using WooCommerce with this specific plugin installed, which is widely used in e-commerce globally. The issue was reserved in December 2025 and published in February 2026, signaling recent discovery and disclosure. No official patches or updates are linked yet, so users must monitor vendor communications for remediation. The vulnerability’s exploitation requires no user interaction but depends on the attacker’s ability to interact with the plugin’s functionalities, which are accessible on affected sites.

The primary impact of CVE-2025-68023 is unauthorized access due to missing authorization controls in the Addonify Compare Products plugin. This can lead to confidentiality breaches where sensitive product or pricing information might be exposed or manipulated. Integrity of product comparison data could be compromised, potentially misleading customers or affecting sales decisions. Availability impact is less direct but could occur if attackers manipulate plugin functions to disrupt normal operations. For organizations, this vulnerability threatens e-commerce trustworthiness and could result in reputational damage, financial loss, and regulatory scrutiny if customer data is exposed. Since WooCommerce powers a significant portion of online stores worldwide, the scope of affected systems is broad. Attackers do not require authentication or user interaction, increasing the ease of exploitation. The absence of known exploits currently limits immediate risk, but the public disclosure increases the likelihood of future attacks. Organizations relying on this plugin must consider the risk of unauthorized changes to product data and potential downstream effects on customer experience and business operations.

Organizations should immediately inventory their WordPress installations to identify the presence of the Addonify – Compare Products For WooCommerce plugin and verify the version in use. Until an official patch is released, restrict access to the plugin’s administrative and functional endpoints using web application firewalls (WAFs) or server-level access controls to prevent unauthorized requests. Implement strict role-based access controls (RBAC) within WordPress to limit plugin management capabilities to trusted administrators only. Monitor logs for unusual activity related to the plugin, such as unexpected API calls or changes to product comparison data. Engage with the plugin vendor or community to track patch releases and apply updates promptly once available. Consider temporarily disabling the plugin if it is not critical to business operations to eliminate the attack surface. Additionally, conduct security audits focusing on access control configurations across all plugins to prevent similar vulnerabilities. Employ intrusion detection systems (IDS) to detect exploitation attempts and maintain regular backups of site data to enable recovery in case of compromise.