Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/11/26 7:58 a.m.17 views

CVE-2025-12634

The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updaterefundstatus' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.1AI score0.00159EPSS
Exploits0References1
Circl
Circl
added 2025/11/25 9:9 a.m.4 views

CVE-2025-12634

creationtimestamp| type| source ---|---|--- 2025-11-25 09:09:34+00:00| seen| https://gist.github.com/Darkcrai86/18daf142ea1ed675f5a357d85635edd6...

4.3CVSS5.8AI score0.00159EPSS
Exploits0References1
NVD
NVD
added 2025/11/25 8:15 a.m.9 views

CVE-2025-12634

The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updaterefundstatus' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00159EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/25 7:28 a.m.2 views

CVE-2025-12634 Refund Request for WooCommerce <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Refund Status Update

The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updaterefundstatus' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS4.7AI score0.00159EPSS
Exploits0References2
Rows per page
Query Builder