CVE-2025-62935
📋 TL;DR
This vulnerability allows attackers to bypass authorization controls in the ilmosys Open Close WooCommerce Store WordPress plugin, enabling unauthorized access to functionality that should be restricted. All WordPress sites running affected versions of this plugin are vulnerable. Attackers can exploit this to modify store settings or access administrative features.
💻 Affected Systems
- ilmosys Open Close WooCommerce Store WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could disable the entire WooCommerce store, modify business hours, change store status, or access administrative functions leading to business disruption and potential data exposure.
Likely Case
Attackers will modify store open/close settings causing customer confusion, lost sales, and operational disruption.
If Mitigated
With proper network segmentation and web application firewalls, impact would be limited to the specific WordPress instance with minimal lateral movement.
🎯 Exploit Status
Exploitation requires some authentication but bypasses authorization checks. Attackers need at least subscriber-level access to WordPress.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.9.9 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Open Close WooCommerce Store'.
4. Click 'Update Now' if available.
5. Alternatively, download version 4.9.9+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the vulnerable plugin until patching is possible:
wp plugin deactivate woc-open-close
Restrict Access with WAF
Configure the web application firewall to block requests to the vulnerable plugin endpoints.
🧯 If You Can't Patch
- Implement strict role-based access controls and audit user permissions
- Deploy web application firewall with specific rules blocking access to /wp-content/plugins/woc-open-close/ endpoints
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Open Close WooCommerce Store' version 4.9.8 or earlier
Check Version:
wp plugin get woc-open-close --field=version
Verify Fix Applied:
Verify plugin version shows 4.9.9 or higher in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- Unauthorized POST requests to /wp-admin/admin-ajax.php with action parameters related to woc-open-close
- Multiple failed authorization attempts followed by successful store setting modifications
Network Indicators:
- Unusual traffic patterns to plugin-specific endpoints from unauthorized user roles
SIEM Query:
source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php") AND (query_string="*action=woc_*" OR query_string="*woc-open-close*") AND user_role!="administrator" AND user_role!="shop_manager"
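The same conditions as that SIEM query, applied offline to constructed access-log lines so the logic can be checked before it is deployed. This is an added example, not part of the original advisory; the key="value" log format, the action names (woc_save_settings, save_hours) and the IP addresses are assumptions.

```python
"""Flag admin-ajax.php requests carrying an Open Close WooCommerce Store action
(action=woc_* or any mention of woc-open-close) from a role that should not manage the store."""
import re
from urllib.parse import parse_qs

# Roles expected to change store settings; anything else gets flagged.
TRUSTED_ROLES = {"administrator", "shop_manager"}

# Constructed sample log lines (the key="value" format and the action names are
# assumptions; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG = [
    'ts="2025-11-02T09:14:05Z" src_ip="203.0.113.5" method="POST" '
    'uri_path="/wp-admin/admin-ajax.php" '
    'query_string="action=woc_save_settings&nonce=a1b2c3" user_role="subscriber"',
    'ts="2025-11-02T09:15:11Z" src_ip="198.51.100.7" method="POST" '
    'uri_path="/wp-admin/admin-ajax.php" '
    'query_string="action=woc_save_settings&nonce=d4e5f6" user_role="administrator"',
    'ts="2025-11-02T09:16:40Z" src_ip="203.0.113.5" method="POST" '
    'uri_path="/wp-admin/admin-ajax.php" '
    'query_string="action=heartbeat" user_role="subscriber"',
    'ts="2025-11-02T09:17:02Z" src_ip="203.0.113.9" method="POST" '
    'uri_path="/wp-admin/admin-ajax.php" '
    'query_string="action=save_hours&plugin=woc-open-close" user_role="customer"',
]

def parse_line(line):
    """Turn one key="value" log line into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))

def is_suspicious(event):
    """True when the event matches the SIEM query's conditions."""
    if event.get("uri_path") != "/wp-admin/admin-ajax.php":
        return False
    query = event.get("query_string", "")
    action = parse_qs(query).get("action", [""])[0]
    touches_plugin = action.startswith("woc_") or "woc-open-close" in query
    return touches_plugin and event.get("user_role") not in TRUSTED_ROLES

def scan(lines):
    """Return the parsed events that should be reviewed, in log order."""
    return [e for e in map(parse_line, lines) if is_suspicious(e)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["src_ip"]} role={hit["user_role"]} '
              f'query={hit["query_string"]}')
```

Only the subscriber and customer requests are returned; the administrator's identical request and the subscriber's heartbeat call are not.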