Description
The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user meta that can be updated through the save_multiple_shipping_addresses() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
Published: 2025-05-07
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation to Administrator
Action: Apply Patch
AI Analysis

Impact

The WooCommerce Multiple Addresses plugin for WordPress contains a privilege escalation flaw that allows authenticated users with Subscriber-level access to modify protected user meta fields via the save_multiple_shipping_addresses() function. Because the function performs no capability checks, an attacker can alter role‑controlling fields and promote themselves to Administrator. This flaw is a CWE‑269 vulnerability, resulting in full administrative control over the site, including content, configuration, and user data.

Affected Systems

The affected product is the WooCommerce Multiple Addresses plugin (author: n3wnormal) for WordPress. All released versions up to and including 1.0.7.1 are vulnerable. WordPress installations running an affected version with default role capabilities are at risk, because the plugin's user-meta update path does not itself restrict which meta a Subscriber may change.

Risk and Exploitability

The high CVSS score of 8.8 reflects the critical impact of gaining administrator privileges. The EPSS score of less than 1% indicates a low likelihood of exploitation in the wild as of the last measurement, though the flaw remains a significant risk in targeted or insider scenarios. The vulnerability requires an authenticated user with a Subscriber role or higher to trigger, so the attack vector is inferred to be internal or credential‑compromise based. The lack of a CISA KEV listing does not diminish the potential damage if the flaw is exploited.

Generated by OpenCVE AI on April 22, 2026 at 01:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch by updating the WooCommerce Multiple Addresses plugin to a version newer than 1.0.7.1, which removes the privilege escalation bug.
  • If no updated version is available, disable or uninstall the plugin to eliminate its ability to tamper with user meta.
  • Until a patch is applied, restrict the ability of the Subscriber role to edit user meta by modifying role capabilities or applying a temporary code tweak that enforces proper capability checks on the save_multiple_shipping_addresses() function.
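
A hardened shape for a handler of this kind, as an added example that is not the plugin's own code (the function name wma_save_addresses_hardened, the POST field names, the nonce action and the allowlist are assumptions): the request may never choose the meta key, and writes are limited to the caller's own account.

```php
<?php
// Added hardening example, not the plugin's code. The handler name, the POST
// field layout and the allowlist are assumptions made for illustration.

// Only the meta keys a shipping-address form legitimately owns. Anything else,
// in particular role/capability meta such as wp_capabilities, is refused.
const WMA_ALLOWED_ADDRESS_KEYS = [
    'shipping_first_name', 'shipping_last_name', 'shipping_address_1',
    'shipping_address_2', 'shipping_city', 'shipping_postcode', 'shipping_country',
];

function wma_save_addresses_hardened() {
    // 1. CSRF protection: the form must carry a nonce tied to this action.
    if ( ! isset( $_POST['wma_nonce'] ) || ! wp_verify_nonce( $_POST['wma_nonce'], 'wma_save_addresses' ) ) {
        wp_die( 'Invalid request.', 403 );
    }

    // 2. Capability check: a logged-in customer may only touch their own meta
    //    (WordPress maps 'edit_user' on one's own ID to "allowed").
    $user_id = get_current_user_id();
    if ( ! $user_id || ! current_user_can( 'edit_user', $user_id ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }

    // 3. Meta-key allowlist plus a fixed prefix: the key written to the
    //    usermeta table is built server-side, never taken from the request.
    $addresses = ( isset( $_POST['addresses'] ) && is_array( $_POST['addresses'] ) )
        ? wp_unslash( $_POST['addresses'] ) : [];

    foreach ( $addresses as $index => $fields ) {
        if ( ! is_array( $fields ) ) {
            continue;
        }
        $index = absint( $index );
        foreach ( $fields as $key => $value ) {
            if ( ! in_array( $key, WMA_ALLOWED_ADDRESS_KEYS, true ) || is_protected_meta( $key, 'user' ) ) {
                continue; // drop unknown or protected keys instead of writing them
            }
            update_user_meta( $user_id, "wma_address_{$index}_{$key}", sanitize_text_field( $value ) );
        }
    }
}
```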

Advisories
Source: EUVD
ID: EUVD-2025-13656
Title: The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user meta that can be updated through the save_multiple_shipping_addresses() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
History

Mon, 14 Jul 2025 13:45:00 +0000

Type: Metrics (epss)
Values Removed: {'score': 0.0005}
Values Added: {'score': 0.00058}

Wed, 07 May 2025 14:15:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 07 May 2025 02:30:00 +0000

Type: Description
Values Added: The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user meta that can be updated through the save_multiple_shipping_addresses() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

Type: Title
Values Added: Woocommerce Multiple Addresses <= 1.0.7.1 - Authenticated (Subscriber+) Privilege Escalation

Type: Weaknesses
Values Added: CWE-269

Type: References (no values listed)

Type: Metrics (cvssV3_1)
Values Added: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:10:08.415Z

Reserved: 2025-05-05T15:32:04.904Z

Link: CVE-2025-4335

Vulnrichment

Updated: 2025-05-07T13:46:17.854Z

NVD

Status : Deferred

Published: 2025-05-07T03:15:19.370

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-4335

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T01:45:05Z

Weaknesses