{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25396", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:53:12.987Z", "datePublished": "2026-03-25T16:14:47.683Z", "dateUpdated": "2026-03-25T16:14:47.683Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "commerce-coinbase-for-woocommerce", "product": "Commerce Coinbase For WooCommerce", "vendor": "CoderPress", "versions": [{"lessThanOrEqual": "<= 1.6.6", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Legion Hunter | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:26.758Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Commerce Coinbase For WooCommerce: from n/a through <= 1.6.6.</p>"}], "value": "Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Commerce Coinbase For WooCommerce: from n/a through <= 1.6.6."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:47.683Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/commerce-coinbase-for-woocommerce/vulnerability/wordpress-commerce-coinbase-for-woocommerce-plugin-1-6-6-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Commerce Coinbase For WooCommerce plugin <= 1.6.6 - Broken Access Control vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Commerce Coinbase For WooCommerce: from n/a through <= 1.6.6."}], "id": "CVE-2026-25396", "lastModified": "2026-03-25T17:16:49.077", "metrics": {}, "published": "2026-03-25T17:16:49.077", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/commerce-coinbase-for-woocommerce/vulnerability/wordpress-commerce-coinbase-for-woocommerce-plugin-1-6-6-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.6.6]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Commerce Coinbase For WooCommerce", "source": "cna", "vendor": "CoderPress"}, "product": "commerce_coinbase_for_woocommerce", "vendor": "coderpress"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-25T17:56:03.636849+00:00", "value": {"mitigation_remediation": ["Upgrade Commerce Coinbase For WooCommerce to version 1.6.7 or later", "Verify that the plugin\u2019s access control settings are correctly configured after the update", "Check the vendor\u2019s security advisories for any further patches", "Monitor site logs for any unusual activity related to the plugin", "Consider disabling or removing the plugin if not in use"], "summary": {"action": "Apply Patch", "impact": "Broken Access Control"}, "threat_synthesis": {"affected_systems": "The problem affects the CoderPress Commerce Coinbase For WooCommerce WordPress plugin with versions up to and including 1.6.6. Users running any of those releases on a WordPress site are potentially vulnerable, regardless of site theme or other plugins.", "description_and_impact": "The vulnerability is a missing authorization flaw in the Commerce Coinbase For WooCommerce plugin that allows an attacker to perform actions they should not be able to. The flaw arises when access control security levels are incorrectly configured, enabling unauthorized use of protected functions. This is categorized as a missing authorization weakness (CWE\u2011862), which can lead to privilege escalation or data tampering.", "risk_and_exploitability": "Exact exploitation likelihood is not quantified in the available data, and the event\u2011predicted\u2011security\u2011score is not provided. Nevertheless, because the vulnerability permits unauthorized actions without requiring additional credentials, it presents a significant risk to confidentiality, integrity, and availability of the WordPress site. The attack could be launched remotely through the plugin\u2019s exposed endpoints, and no specific mitigations are required beyond applying the vendor\u2019s update. The vulnerability is not listed in the CISA KEV catalog, so no active exploit campaign is known."}}}}, "created": "2026-03-25T21:44:39.415343+00:00", "updated": "2026-03-26T11:38:34.724556+00:00", "vendors": ["coderpress", "coderpress$PRODUCT$commerce_coinbase_for_woocommerce", "wordpress", "wordpress$PRODUCT$wordpress"]}