CVE-2025-12903 – This vulnerability allows unauthenticated attac... (How to Fix)

Q: What is the severity of CVE-2025-12903?

CVE-2025-12903 has a CVSS score of 7.5 (HIGH). This vulnerability allows unauthenticated attackers to bypass authorization and retrieve payment method nonces for any stored payment token in the WooCommerce Braintree plugin. Attackers can use these nonces to create fraudulent transactions, charge customer credit cards, or attach payment methods to other subscriptions. All WordPress sites using the vulnerable plugin versions are affected.

📋 TL;DR

This vulnerability allows unauthenticated attackers to bypass authorization and retrieve payment method nonces for any stored payment token in the WooCommerce Braintree plugin. Attackers can use these nonces to create fraudulent transactions, charge customer credit cards, or attach payment methods to other subscriptions. All WordPress sites using the vulnerable plugin versions are affected.

💻 Affected Systems

Products:

Payment Plugins Braintree For WooCommerce WordPress plugin

Versions: All versions up to and including 3.2.78

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects WordPress sites with the plugin installed and active. Requires WooCommerce to be installed.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Mass financial fraud with attackers charging all stored credit cards, creating fraudulent transactions, and compromising customer payment data across all affected sites.

🟠

Likely Case

Targeted financial fraud where attackers exploit specific payment tokens to make unauthorized charges or attach payment methods to their own accounts.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring catching unauthorized API calls before financial damage occurs.

🌐 Internet-Facing: HIGH

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple HTTP request to vulnerable endpoint with token ID parameter. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.79 or later

Vendor Advisory: https://wordpress.org/plugins/woo-payment-gateway/#developers

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Go to Plugins → Installed Plugins. 3. Find 'Payment Plugins Braintree For WooCommerce'. 4. Click 'Update Now' if available. 5. If not, download version 3.2.79+ from WordPress.org and manually update.

🔧 Temporary Workarounds

Block vulnerable REST endpoint

linux

Add .htaccess rule to block access to the vulnerable API endpoint

RewriteEngine On
RewriteRule ^wp-json/wc-braintree/v1/3ds/vaulted_nonce - [F,L]

Disable plugin

all

Temporarily disable the plugin until patched

wp plugin deactivate woo-payment-gateway

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to block requests to /wp-json/wc-braintree/v1/3ds/vaulted_nonce
Enable detailed logging for all REST API calls and monitor for unauthorized access to payment endpoints

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin panel under Plugins → Installed Plugins. If version is 3.2.78 or lower, you are vulnerable.

Check Version:

wp plugin get woo-payment-gateway --field=version

Verify Fix Applied:

After updating, verify plugin version shows 3.2.79 or higher. Test API endpoint returns proper authentication error for unauthenticated requests.

📡 Detection & Monitoring

Log Indicators:

Unauthenticated POST requests to /wp-json/wc-braintree/v1/3ds/vaulted_nonce
Multiple failed authentication attempts followed by successful payment API calls

Network Indicators:

Unusual spikes in traffic to WordPress REST API endpoints
External IPs accessing payment-related endpoints without prior authentication

SIEM Query:

source="wordpress.log" AND (uri_path="/wp-json/wc-braintree/v1/3ds/vaulted_nonce" AND http_status=200 AND user="-")

📊 Metadata

CVE ID: CVE-2025-12903

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-639

EPSS Score: 0.38% exploit probability (58.9th percentile)

Published: November 12, 2025

Last Updated: November 12, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-12903, you might also want to check these: