11 matches found
CVE-2025-12634
The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_refund_status' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-12634
The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_refund_status' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...
EUVD-2025-199565
The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_refund_status' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-12634
The CVE-2025-12634 entry concerns the WordPress plugin Refund Request for WooCommerce. A missing capability check in the update_refund_status function affects all versions up to and including 1.0, allowing authenticated users with Subscriber-level access or higher to modify refund statuses to app...
WordPress Refund Request for WooCommerce plugin <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Refund Status Update vulnerability
Missing Authorization to Authenticated Subscriber+ Refund Status Update vulnerability discovered by Powpy in WordPress Plugin Refund Request for WooCommerce versions <= 1.0...
PT-2025-48001
The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_refund_status' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-12621
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'create_refund' function in all versions up to, and including, 1.0.42. This makes it possible for authenticated attackers, wit...
CVE-2025-12621
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'create_refund' function in all versions up to, and including, 1.0.42. This makes it possible for authenticated attackers, wit...
CVE-2025-12621 Flexible Refund and Return Order for WooCommerce <= 1.0.42 - Incorrect Authorization to Authenticated (Contributor+) Refund Status Update
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'create_refund' function in all versions up to, and including, 1.0.42. This makes it possible for authenticated attackers, wit...
CVE-2025-12621 Flexible Refund and Return Order for WooCommerce <= 1.0.42 - Incorrect Authorization to Authenticated (Contributor+) Refund Status Update
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'create_refund' function in all versions up to, and including, 1.0.42. This makes it possible for authenticated attackers, wit...
CVE-2025-12621
Insight (CVE-2025-12621) The WordPress plugin “Flexible Refund and Return Order for WooCommerce” is vulnerable via an incorrect/misconfigured capability check in the create_refund function, allowing any authenticated user with Contributor level or higher to modify refund statuses (approve/deny) i...