14 matches found
CVE-2025-12881
The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the wpsrmafetchordermsgs due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wi...
CVE-2025-12881
CVE-2025-12881 concerns the WordPress plugin Return Refund and Exchange For WooCommerce (versions up to 4.5.5). It suffers an Insecure Direct Object Reference due to missing validation on a user-controlled key in wps_rma_fetch_order_msgs(), enabling authenticated attackers with Subscriber level a...
CVE-2025-12881 Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Order Message Read
The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the wpsrmafetchordermsgs due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wi...
CVE-2025-12086 Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation
The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the 'wpsrmacancelreturnrequest' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for...
CVE-2025-12086 Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation
The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the 'wpsrmacancelreturnrequest' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for...
WordPress plugin Return Refund and Exchange For WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin Return Refund and Exchange For WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin WooCommerce Refund And...
CVE-2024-13641
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. This makes it possible for...
CVE-2024-13692
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user...
WordPress plugin Return Refund and Exchange For WooCommerce 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...
WordPress Return Refund and Exchange For WooCommerce plugin <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability
Authenticated Subscriber+ Insecure Direct Object Reference vulnerability discovered by Tim Coen in WordPress Plugin Return Refund and Exchange For WooCommerce versions = 4.4.5...
WordPress Return Refund and Exchange For WooCommerce plugin <= 4.4.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability
Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin Return Refund and Exchange For WooCommerce versions = 4.4.5...
PT-2022-25394 · WordPress · The Return Refund/Exchange For Woocommerce
Name of the Vulnerable Software and Affected Versions: Return Refund and Exchange For WooCommerce WordPress plugin versions prior to 4.0.9 Description: The issue concerns the lack of validation for attachment files uploaded via an AJAX action. This action is accessible to unauthenticated users,...