Authorization Bypass Vulnerability in Membership For WooCommerce by WP Swings

CVE-2025-67909

What is CVE-2025-67909?

A security flaw in the Membership For WooCommerce plugin allows unauthorized users to bypass access controls due to incorrect configuration. This vulnerability makes it possible for an attacker to gain access to restricted areas, leveraging user-controlled keys. Specifically, this affects versions of the plugin from n/a up to and including 3.0.3, posing a significant risk to users with improperly set access permissions.

References