CVE-2025-15484

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers...

CVE-2025-15484 Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers...

CVE-2025-15484

The vulnerability CVE-2025-15484 affects the Order Notification for WooCommerce WordPress plugin (pre-3.6.3). The plugin overrides WooCommerce permission checks, allowing unauthenticated requests full read/write access to store resources (e.g., products, coupons, customers). This is a direct perm...

CVE-2025-15484

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers...

CVE-2025-15484 Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers...

WordPress plugin Order Notification for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

EUVD-2005-1734

Malware in sbrugna...

EUVD-2024-29009

Malicious code in bioql PyPI...

CVE-2024-9686

The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfwsendtestmessage' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test messa...

CVE-2024-9686

CVE-2024-9686 affects the WordPress plugin “Order Notification for Telegram” (

WordPress plugin Order Notification for Telegram 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2024-39762 · WordPress · Order Notification For Telegram

Name of the Vulnerable Software and Affected Versions: The Order Notification for Telegram plugin for WordPress versions up to, and including, 1.0.1 Description: The issue allows unauthorized test message sending due to a missing capability check on the nktgnfw send test message function. This...

WordPress Order Notification for Telegram plugin <= 1.0.1 - Missing Authorization to Unauthenticated Send Telegram Test Message vulnerability

Missing Authorization to Unauthenticated Send Telegram Test Message vulnerability discovered by István Márton in WordPress Plugin Order Notification for Telegram versions = 1.0.1...

WordPress Order Notification for Telegram Plugin <= 1.0.1 is vulnerable to Broken Access Control

Software Order Notification for Telegram Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9686 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID c9ae0bfdb3a8 Credits István Márton...

Malicious code in @ccw-order/notification-subscription-v7 (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2024-31098

Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce.This issue affects New Order Notification for Woocommerce: from n/a through 2.0.2...

CVE-2024-31098

Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce.This issue affects New Order Notification for Woocommerce: from n/a through 2.0.2...

CVE-2024-31098 WordPress New Order Notification for Woocommerce plugin <= 2.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce.This issue affects New Order Notification for Woocommerce: from n/a through 2.0.2...

CVE-2024-31098

CVE-2024-31098 corresponds to a Missing Authorization vulnerability in the WordPress plugin Mr.Ebabi New Order Notification for WooCommerce. The vulnerability affects New Order Notification for WooCommerce versions n/a through 2.0.2. Public metrics list the CVSS vectors as HIGH impact with surrou...

PT-2024-23766 · WordPress · Mr.Ebabi New Order Notification For Woocommerce

Name of the Vulnerable Software and Affected Versions: Mr.Ebabi New Order Notification for Woocommerce versions n/a through 2.0.2 Description: The issue is related to a Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce. This vulnerability affects the plugin's...