29 matches found
CVE-2025-14843
The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Order Cancellation in all versions up to, and including, 1.2.9. This is due to a lack of authentication and authorization checks in the 'handlecheckoutredirecturlresponse' function. This makes it...
CVE-2025-14843
The CVE CVE-2025-14843 affects Wizit Gateway for WooCommerce (WordPress) and is reported as Unauthenticated Arbitrary Order Cancellation in all versions up to 1.2.9. The root cause is missing authentication/authorization checks in the handle_checkout_redirecturl_response function, enabling unauth...
CVE-2025-14843 Wizit Gateway for WooCommerce <= 1.2.9 - Missing Authentication to Unauthenticated Arbitrary Order Cancellation
The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Order Cancellation in all versions up to, and including, 1.2.9. This is due to a lack of authentication and authorization checks in the 'handlecheckoutredirecturlresponse' function. This makes it...
CVE-2025-14843 Wizit Gateway for WooCommerce <= 1.2.9 - Missing Authentication to Unauthenticated Arbitrary Order Cancellation
The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Order Cancellation in all versions up to, and including, 1.2.9. This is due to a lack of authentication and authorization checks in the 'handlecheckoutredirecturlresponse' function. This makes it...
WordPress Wizit Gateway for WooCommerce plugin <= 1.2.9 - Missing Authentication to Unauthenticated Arbitrary Order Cancellation vulnerability
Missing Authentication to Unauthenticated Arbitrary Order Cancellation vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Wizit Gateway for WooCommerce versions = 1.2.9...
PT-2026-4571
The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Order Cancellation in all versions up to, and including, 1.2.9. This is due to a lack of authentication and authorization checks in the 'handle checkout redirecturl response' function. This makes it...
CVE-2025-49352
Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/...
CVE-2025-49352
Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/...
CVE-2025-49352 WordPress Order Cancellation & Returns for WooCommerce plugin <= 1.1.10 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/...
EUVD-2025-206008
Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/a through 1.1.10...
CVE-2025-49352
Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/...
CVE-2025-49352 WordPress Order Cancellation & Returns for WooCommerce plugin <= 1.1.10 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/...
CVE-2025-49352
Technical details for CVE-2025-49352 are not publicly provided in the supplied documents. No confirmed affected product, root cause, impact, or fix is available here. Monitor for official updates from CVE/NVD feeds and vendor advisories.
WordPress plugin Order Cancellation & Returns for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-54389
Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/a through 1.1.10...
CVE-2025-13116
A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit h...
EUVD-2025-175324
A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The exploit h...
CVE-2025-13116 macrozheng mall-swarm/mall cancelUserOrder improper authorization
A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit h...
mall-swarm 授权问题漏洞
mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the mishandling of the orderId parameter in the cancelOrder function in the file /order/cancelOrder, and no detailed vulnerability details are provided...
Missing Authorization
Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Missing Authorization via CancelOrderRoute. An attacker can cancel their own orders by sending a specially crafted request, even when refunds are...