cleantalk
Vulnerabilities and Security Researches

Appy Pie Connect for WooCommerce, CVE-2025-9286

CVE, Research URL

CVE-2025-9286

Home page URL

Security reports for Appy Pie Connect for WooCommerce

Application

Appy Pie Connect for WooCommerce

Published on
Oct 03, 2025
Research Description
The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to to reset the password of arbitrary users, including administrators, thereby gaining administrative access.
Affected versions
max 1.1.3.
Status
vulnerable
Previous vulnerability researches
Appy Pie Connect for WooCommerce (CVE-2025-9286) , Oct 11, 2025
Appy Pie Connect for WooCommerce (CVE-2023-53611) , Jun 16, 2026
New vulnerability
WordPress Robots.txt optimizer (+ XML Sitemap) – Boost SEO, Traffic & Rankings (7e57cd4f4859826de00a8e2b09ee24fb7f2d824b) , Jun 16, 2026
WordPress Robots.txt optimizer (+ XML Sitemap) – Boost SEO, Traffic & Rankings (6ff37c2e-e21d-4abc-bafe-8ca6a2c1ed76) , Jun 16, 2026
WordPress Robots.txt optimizer (+ XML Sitemap) – Boost SEO, Traffic & Rankings (5fd819e2958169cd193de7464b37db70634ff4d7) , Jun 16, 2026
WordPress Robots.txt optimizer (+ XML Sitemap) – Boost SEO, Traffic & Rankings (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
WPify Woo Czech (5c66c32b-22f2-4b59-a6b2-b8da944cdc3c) , Jun 16, 2026