39 matches found
WordPress OrderConvo < 14 - Path Traversal
WooCommerce OrderConvo WordPress plugin \u003C 14 contains a path traversal vulnerability caused by improper validation of file download paths, letting unauthenticated attackers read or download arbitrary files remotely id: CVE-2025-10162 info: name: WordPress OrderConvo 14 - Path Traversal autho...
📄 WordPress OrderConvo 13.5 Path Traversal
Proof of concept exploit that demonstrates a path traversal vulnerability in WordPress OrderConvo plugin version 13.5. Exploit Title: WordPress OrderConvo 14 - Path Traversal Date: 05-31-2026 Exploit Author: Diamorphine Vendor Homepage: https://www.najeebmedia.com/ Software Link:...
WordPress OrderConvo 14 - Path Traversal
Exploit Title: WordPress OrderConvo 14 - Path Traversal Date: 05-31-2026 Exploit Author: Diamorphine Vendor Homepage: https://www.najeebmedia.com/ Software Link: https://wordpress.org/plugins/admin-and-client-message-after-order-for-woocommerce/ Version: 13.5 Tested on: Debian CVE : CVE-2025-1016...
WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin missing authorization vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin, which stems from a privilege checking...
WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin unauthorized access vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An unauthorized access vulnerability exists in the WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin, which stems from a lack of privilege...
CVE-2025-13452
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14. This is due to a flawed permission check in the REST API permission callback that returns true when no nonce is provided...
CVE-2025-13389
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 14. This makes it possible for unauthenticated attackers t...
CVE-2025-13389
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 14. This makes it possible for unauthenticated attackers t...
CVE-2025-13452
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14. This is due to a flawed permission check in the REST API permission callback that returns true when no nonce is provided...
CVE-2025-13389
The CVE identifies an unauthenticated data exposure in the WordPress plugin “Admin and Customer Messages After Order for WooCommerce: OrderConvo.” The vulnerability stems from a missing capability check on the get_order_by_id() function, affecting all versions up to and including 14. This allows ...
CVE-2025-13452 Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated User Impersonation in Order Messages
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14. This is due to a flawed permission check in the REST API permission callback that returns true when no nonce is provided...
EUVD-2025-199580
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14. This is due to a flawed permission check in the REST API permission callback that returns true when no nonce is provided...
WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin <= 14 - Missing Authorization to Unauthenticated Information Disclosure vulnerability
Missing Authorization to Unauthenticated Information Disclosure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin OrderConvo versions = 14...
WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin <= 14 - Missing Authorization to Unauthenticated User Impersonation in Order Messages vulnerability
Missing Authorization to Unauthenticated User Impersonation in Order Messages vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin OrderConvo versions = 14...
WordPress plugin Admin and Customer Messages After Order for WooCommerce: OrderConvo 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An unauthorized access vulnerability exists in the WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin, which stems from a lack of privilege...
PT-2025-48015
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14. This is due to a flawed permission check in the REST API permission callback that returns true when no nonce is provided...
WordPress plugin Admin and Customer Messages After Order for WooCommerce: OrderConvo 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin, which stems from a privilege checking...
CVE-2025-10162
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack...
WordPress OrderConvo plugin < 14 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin OrderConvo versions 14...
CVE-2025-10162
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack...