CVE-2025-15484

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers.
Configurations

No configuration.

History

01 Apr 2026, 14:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
CWE CWE-287

01 Apr 2026, 06:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-04-01 06:16

Updated : 2026-06-17 08:37


NVD link : CVE-2025-15484

Mitre link : CVE-2025-15484

CVE.ORG link : CVE-2025-15484


JSON object : View

Products Affected

No product.

CWE
CWE-287

Improper Authentication