Unauthorized Data Modification in Bonanza WooCommerce Free Gifts Lite Plugin for WordPress
CVE-2025-6730

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Bonanza – WooCommerce Free Gifts Lite
Vendor: CVE Published:; 29 July 2025

What is CVE-2025-6730?

The Bonanza – WooCommerce Free Gifts Lite plugin for WordPress is susceptible to unauthorized data modification due to a lack of proper capability check in the xlo_optin_call() function. This vulnerability affects all versions up to and including 1.0.0. Authenticated users with Subscriber-level access or higher can manipulate the opt-in status, leading to potential abuse and unauthorized changes to user data.

Affected Version(s)

Bonanza – WooCommerce Free Gifts Lite * <= 1.0.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/bonanza-woocom...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2025
Vulnerability Reserved
Jun 26, 2025

Credit

Phong Nguyen