What the vulnerability does
01 Description
The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaulted_nonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with permission_callback set to __return_true and processing user-supplied token IDs without verifying ownership or authentication. This makes it possible for unauthenticated attackers to retrieve payment method nonces for any stored payment token in the system, which can be used to create fraudulent transactions, charge customer credit cards, or attach payment methods to other subscriptions.
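To make the described root cause concrete, here is an added illustration (not the plugin's own code) of the registration pattern the advisory describes, placed beside a permission callback that requires an authenticated user and checks that the requested token belongs to that user. The namespace and route come from the advisory; the handler name, function names and the `token_id` parameter name are assumptions.

```php
<?php
// Added example, not code from the affected plugin. Only the REST namespace
// and route are taken from the advisory; all other names are assumed.

// Pattern the advisory describes: the permission check always succeeds, so the
// handler runs for unauthenticated callers and any token ID they supply.
function example_register_vaulted_nonce_weak() {
    register_rest_route( 'wc-braintree/v1', '/3ds/vaulted_nonce', array(
        'methods'             => 'POST',
        'callback'            => 'example_vaulted_nonce_handler', // hypothetical handler
        'permission_callback' => '__return_true',
    ) );
}

// Hardened alternative: reject anonymous requests and verify ownership of the
// stored payment token before the handler is reached.
function example_vaulted_nonce_permission( WP_REST_Request $request ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_forbidden', 'Authentication required.', array( 'status' => 401 ) );
    }

    $token_id = absint( $request->get_param( 'token_id' ) ); // parameter name assumed
    $token    = WC_Payment_Tokens::get( $token_id );         // WooCommerce core API

    // One response for both "no such token" and "someone else's token", so the
    // endpoint cannot be used to enumerate which token IDs exist.
    if ( ! $token || (int) $token->get_user_id() !== get_current_user_id() ) {
        return new WP_Error( 'rest_forbidden', 'You cannot access this payment method.', array( 'status' => 403 ) );
    }

    return true;
}

function example_register_vaulted_nonce_hardened() {
    register_rest_route( 'wc-braintree/v1', '/3ds/vaulted_nonce', array(
        'methods'             => 'POST',
        'callback'            => 'example_vaulted_nonce_handler', // hypothetical handler
        'permission_callback' => 'example_vaulted_nonce_permission',
        'args'                => array(
            'token_id' => array(
                'required'          => true,
                'type'              => 'integer',
                'sanitize_callback' => 'absint',
            ),
        ),
    ) );
}

// Only the hardened registration is hooked; the weak one is shown for contrast.
add_action( 'rest_api_init', 'example_register_vaulted_nonce_hardened' );
```

A quick audit check for this class of bug is to grep a plugin for `'permission_callback' => '__return_true'` and confirm each such route is genuinely meant to be public.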
Explanation of Vulnerability in Simple Terms
02 Summary
The Braintree payment plugin for WooCommerce versions 3.2.78 and earlier contains a flaw that exposes sensitive payment information. An attacker on the network can read confidential data without authentication or user interaction. Site owners should update immediately to protect customer payment details and comply with PCI standards.
What an attacker can do
03 Attacker Capabilities
Read sensitive payment information transmitted by or stored in the plugin without authentication.
Potential impact on your site
04 Site Impact
Customer payment data and Braintree credentials may be exposed to unauthorized access.
Conditions required to exploit
05 Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06 Disclosure timeline
November 12, 2025: CVE published
April 8, 2026: Record updated