
29 matches found

RedhatCVE
added 2026/01/25 9:16 a.m. | 4 views

CVE-2025-14843

The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Order Cancellation in all versions up to, and including, 1.2.9. This is due to a lack of authentication and authorization checks in the 'handlecheckoutredirecturlresponse' function. This makes it...

CVSS 5.3 | AI score 5.7 | EPSS 0.00062
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/24 7:26 a.m. | 2 views

CVE-2025-14843 Wizit Gateway for WooCommerce <= 1.2.9 - Missing Authentication to Unauthenticated Arbitrary Order Cancellation

The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Order Cancellation in all versions up to, and including, 1.2.9. This is due to a lack of authentication and authorization checks in the 'handlecheckoutredirecturlresponse' function. This makes it...

CVSS 5.3 | AI score 6 | EPSS 0.00062
Exploits: 0 | References: 2

Cvelist
added 2026/01/24 7:26 a.m. | 24 views

CVE-2025-14843 Wizit Gateway for WooCommerce <= 1.2.9 - Missing Authentication to Unauthenticated Arbitrary Order Cancellation

The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Order Cancellation in all versions up to, and including, 1.2.9. This is due to a lack of authentication and authorization checks in the 'handlecheckoutredirecturlresponse' function. This makes it...

CVSS 5.3 | EPSS 0.00062
Exploits: 0 | References: 2

CVE
added 2026/01/24 7:26 a.m. | 14 views

CVE-2025-14843

CVE-2025-14843 affects Wizit Gateway for WooCommerce (WordPress) and is reported as Unauthenticated Arbitrary Order Cancellation in all versions up to 1.2.9. The root cause is missing authentication/authorization checks in the handle_checkout_redirecturl_response function, enabling unauth...

CVSS 5.3 | AI score 5.7 | EPSS 0.00062
Exploits: 0 | References: 2

Patchstack
added 2026/01/24 5:28 a.m. | 7 views

WordPress Wizit Gateway for WooCommerce plugin <= 1.2.9 - Missing Authentication to Unauthenticated Arbitrary Order Cancellation vulnerability

Missing Authentication to Unauthenticated Arbitrary Order Cancellation vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Wizit Gateway for WooCommerce versions <= 1.2.9...

CVSS 5.3 | AI score 5.5 | EPSS 0.00062
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/01/24 12:0 a.m. | 3 views

PT-2026-4571

The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Order Cancellation in all versions up to, and including, 1.2.9. This is due to a lack of authentication and authorization checks in the 'handle checkout redirecturl response' function. This makes it...

CVSS 5.3 | AI score 5.7 | EPSS 0.00062
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/01 4:26 p.m. | 2 views

CVE-2025-49352

Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Cancellation & Returns for WooCommerce: from n/...

CVSS 4.3 | AI score 5.9 | EPSS 0.0001
Exploits: 0 | References: 1

NVD
added 2025/12/31 5:15 p.m. | 3 views

CVE-2025-49352

Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Cancellation & Returns for WooCommerce: from n/...

CVSS 4.3 | EPSS 0.0001
Exploits: 0 | References: 1

EUVD
added 2025/12/31 4:25 p.m. | 3 views

EUVD-2025-206008

Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Cancellation & Returns for WooCommerce: from n/a through 1.1.10...

CVSS 4.3 | AI score 6.4 | EPSS 0.0001
Exploits: 0 | References: 2

ATTACKERKB
added 2025/12/31 4:25 p.m. | 1 views

CVE-2025-49352

Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Cancellation & Returns for WooCommerce: from n/...

CVSS 4.3 | AI score 5.1 | EPSS 0.0001
Exploits: 0 | References: 4

Cvelist
added 2025/12/31 4:25 p.m. | 23 views

CVE-2025-49352 WordPress Order Cancellation & Returns for WooCommerce plugin <= 1.1.10 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Cancellation & Returns for WooCommerce: from n/...

CVSS 4.3 | EPSS 0.0001
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/31 4:25 p.m. | 2 views

CVE-2025-49352 WordPress Order Cancellation & Returns for WooCommerce plugin <= 1.1.10 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Cancellation & Returns for WooCommerce: from n/...

CVSS 4.3 | AI score 5.1 | EPSS 0.0001
Exploits: 0 | References: 1

CVE
added 2025/12/31 4:25 p.m. | 5 views

CVE-2025-49352

Technical details for CVE-2025-49352 are not publicly provided in the supplied documents. No confirmed affected product, root cause, impact, or fix is available here. Monitor for official updates from CVE/NVD feeds and vendor advisories.

CVSS 4.3 | AI score 5.1 | EPSS 0.0001
Exploits: 0 | References: 1

CNNVD
added 2025/12/31 12:0 a.m. | 2 views

WordPress plugin Order Cancellation & Returns for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 4.3 | AI score 6.5 | EPSS 0.0001
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/31 12:0 a.m. | 2 views

PT-2025-54389

Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Cancellation & Returns for WooCommerce: from n/a through 1.1.10...

CVSS 4.3 | AI score 7 | EPSS 0.0001
Exploits: 0 | References: 2

RedhatCVE
added 2025/11/14 2:3 p.m. | 3 views

CVE-2025-13116

A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit h...

CVSS 5.5 | AI score 5.4 | EPSS 0.00038
Exploits: 1 | References: 1

EUVD
added 2025/11/13 2:32 p.m. | 2 views

EUVD-2025-175324

A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The exploit h...

CVSS 5.5 | AI score 5.3 | EPSS 0.00044
Exploits: 1 | References: 5

Cvelist
added 2025/11/13 2:2 p.m. | 7 views

CVE-2025-13116 macrozheng mall-swarm/mall cancelUserOrder improper authorization

A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit h...

CVSS 5.5 | EPSS 0.00038
Exploits: 1 | References: 6

CNNVD
added 2025/11/13 12:0 a.m. | 2 views

mall-swarm authorization issue vulnerability

mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the mishandling of the orderId parameter in the cancelOrder function in the file /order/cancelOrder, and no detailed vulnerability details are provided...

CVSS 5.5 | AI score 6 | EPSS 0.00044
Exploits: 1 | References: 7

Github Security Blog
added 2025/10/21 6:3 p.m. | 4 views

Shopware Customer Orders can be canceled, even if refunds are disabled

Refunds in general can be enabled through the administration setting core.cart.enableOrderRefunds in the cart panel. Which visually shows and hides the button. However, using a custom crafted request, a customer can still cancel his own orders. As this is not checked inside the route and also not i...

AI score 6.9
Exploits: 0 | References: 3 | Affected Software: 2