CVE-2025-49356

Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce orders-chat-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through <= 1.2.0.

CVSS

No CVSS.

References

Link	Resource
https://patchstack.com/database/Wordpress/Plugin/orders-chat-for-woocommerce/vulnerability/wordpress-orders-chat-for-woocommerce-plugin-1-2-0-broken-access-control-vulnerability?_s_id=cve

Configurations

No configuration.

History

01 Apr 2026, 17:25

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : unknown
Summary		(es) Vulnerabilidad por ausencia de autorización en Mykola Lukin Orders Chat para WooCommerce permite la explotación de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Orders Chat para WooCommerce: desde n/a hasta 1.2.0.
Summary	(en) Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through 1.2.0.	(en) Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce orders-chat-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through <= 1.2.0.
References	{'url': 'https://patchstack.com/database/wordpress/plugin/orders-chat-for-woocommerce/vulnerability/wordpress-orders-chat-for-woocommerce-plugin-1-2-0-broken-access-control-vulnerability?_s_id=cve', 'source': 'audit@patchstack.com'}	() https://patchstack.com/database/Wordpress/Plugin/orders-chat-for-woocommerce/vulnerability/wordpress-orders-chat-for-woocommerce-plugin-1-2-0-broken-access-control-vulnerability?_s_id=cve -

20 Jan 2026, 15:16

Type	Values Removed	Values Added
References	{'url': 'https://vdp.patchstack.com/database/wordpress/plugin/orders-chat-for-woocommerce/vulnerability/wordpress-orders-chat-for-woocommerce-plugin-1-2-0-broken-access-control-vulnerability?_s_id=cve', 'source': 'audit@patchstack.com'}	() https://patchstack.com/database/wordpress/plugin/orders-chat-for-woocommerce/vulnerability/wordpress-orders-chat-for-woocommerce-plugin-1-2-0-broken-access-control-vulnerability?_s_id=cve -

31 Dec 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-31 16:15

Updated : 2026-04-01 17:25

NVD link : CVE-2025-49356

Mitre link : CVE-2025-49356

CVE.ORG link : CVE-2025-49356

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

JSON object

Attach tags to CVE-2025-49356

Attach tags to `CVE-2025-49356`