CVE-2025-14886 Japanized for WooCommerce <= 2.7.17 - Missing Authorization to Unauthenticated Order Status Modification
The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the order REST API endpoint in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to mark any WooCommerce order a...