The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers.
References
Configurations
No configuration.
History
01 Apr 2026, 14:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
| CWE | CWE-287 |
01 Apr 2026, 06:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-01 06:16
Updated : 2026-06-17 08:37
NVD link : CVE-2025-15484
Mitre link : CVE-2025-15484
CVE.ORG link : CVE-2025-15484
JSON object : View
Products Affected
No product.
CWE
CWE-287
Improper Authentication
