Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/11/26 7:58 a.m.9 views

CVE-2025-13389

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 14. This makes it possible for unauthenticated attackers t...

5.3CVSS5.4AI score0.00248EPSS
Exploits0References1
NVD
NVD
added 2025/11/25 8:15 a.m.6 views

CVE-2025-13389

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 14. This makes it possible for unauthenticated attackers t...

5.3CVSS0.00248EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/25 7:28 a.m.6 views

CVE-2025-13389 Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated Information Disclosure

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 14. This makes it possible for unauthenticated attackers t...

5.3CVSS0.00248EPSS
Exploits0References4
CVE
CVE
added 2025/11/25 7:28 a.m.22 views

CVE-2025-13389

The CVE identifies an unauthenticated data exposure in the WordPress plugin “Admin and Customer Messages After Order for WooCommerce: OrderConvo.” The vulnerability stems from a missing capability check on the get_order_by_id() function, affecting all versions up to and including 14. This allows ...

5.3CVSS5AI score0.00248EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.3 views

PT-2025-48011

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get order by id function in all versions up to, and including, 14. This makes it possible for unauthenticated attacker...

5.3CVSS5.4AI score0.00248EPSS
Exploits0References4
Rows per page
Query Builder