4 matches found
CVE-2026-49072
Unauthenticated Broken Access Control in WooCommerce Anti-Fraud = 7.2.6 versions...
CVE-2026-49072
The CVE-2026-49072 entry covers a Broken Access Control issue in the WordPress WooCommerce Anti-Fraud plugin (versions
CVE-2026-49072 WordPress WooCommerce Anti-Fraud plugin <= 7.2.6 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WooCommerce Anti-Fraud = 7.2.6 versions...
WooCommerce Anti-Fraud <= 3.2 - Unauthenticated Order Status Manipulation
The WooCommerce Anti-Fraud WordPress plugin was affected by an issue where an unauthenticated user could change the order status of any order, as there were no checks when changing the order status. The orderid was also predictable. On an individual level, if you have already received your order,...