Missing Authorization Vulnerability in Authorize.Net CIM Payment Gateway for WooCommerce
CVE-2025-68013

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Payment Gateway Authorize.net Cim For WooCommerce
Vendor: CVE Published:; 22 January 2026

What is CVE-2025-68013?

A critical security flaw has been identified in the Authorize.Net CIM payment gateway plugin for WooCommerce. This missing authorization vulnerability allows unauthorized access due to improperly configured access control security levels. If exploited, this could enable potential attackers to bypass security measures, affecting the integrity of transactions. Users are encouraged to update to the latest version to mitigate this risk.

Affected Version(s)

Payment Gateway Authorize.Net CIM for WooCommerce 0 <= 2.1.2

References

https://patchstack.com/database/Wordpress/Plugin/authnet-...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 22, 2026
Vulnerability Reserved
Dec 15, 2025

Credit

0xd4rk5id3 | Patchstack Bug Bounty Program

CVE-2025-68013 Data

JSON

WordPress

What is CVE-2025-68013?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit