5 matches found
CVE-2025-13389
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 14. This makes it possible for unauthenticated attackers t...
CVE-2025-13389
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 14. This makes it possible for unauthenticated attackers t...
CVE-2025-13389 Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated Information Disclosure
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 14. This makes it possible for unauthenticated attackers t...
CVE-2025-13389
The CVE identifies an unauthenticated data exposure in the WordPress plugin “Admin and Customer Messages After Order for WooCommerce: OrderConvo.” The vulnerability stems from a missing capability check on the get_order_by_id() function, affecting all versions up to and including 14. This allows ...
PT-2025-48011
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get order by id function in all versions up to, and including, 14. This makes it possible for unauthenticated attacker...