ShopEngine Elementor WooCommerce Builder Addon

2.7 / 10

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Description

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the post_deactive() function and post_activate() function in all versions up to, and including, 4.8.4. This makes it possible for authenticated attackers, with Editor-level access and above, to activate and deactivate licenses.

Basic Information

ID CVE-2025-11888

Source Wordfence

Published Oct 25, 2025 at 05:31

Affected Product

Vendor roxnor

Product ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution

Version *

Affected Versions roxnor ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution *

CWE Classification

CWE-863

References

{
    "lastseen": "",
    "description": "The ShopEngine Elementor WooCommerce Builder Addon \u2013 All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the post_deactive() function and post_activate() function in all versions up to, and including, 4.8.4. This makes it possible for authenticated attackers, with Editor-level access and above, to activate and deactivate licenses.",
    "published": "2025-10-25T05:31:21.952Z",
    "modified": "2025-10-25T05:31:21.952Z",
    "type": "cve",
    "title": "ShopEngine Elementor WooCommerce Builder Addon \u2013 All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7bdadc84-0cfb-4bec-aeb9-f59f205d269b?source=cve\nhttps://plugins.trac.wordpress.org/changeset/3381211/shopengine/tags/4.8.5/libs/license/license-route.php",
    "id": "CVE-2025-11888",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "roxnor ShopEngine Elementor WooCommerce Builder Addon \u2013 All in One WooCommerce Solution *",
    "sourceHref": "",
    "cvss": {
        "score": 2.7,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ShopEngine Elementor WooCommerce Builder Addon \u2013 All in One WooCommerce Solution",
    "version": "*",
    "vendor": "roxnor",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update_CVE-2025-11888