
14 matches found

RedhatCVE
added 2025/11/22 8:35 a.m. · 9 views

CVE-2025-12881

The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the wps_rma_fetch_order_msgs due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wi...

CVSS 5.4 · AI score 5.6 · EPSS 0.00149
Exploits: 0 · References: 1
CVE
added 2025/11/21 7:31 a.m. · 19 views

CVE-2025-12881

CVE-2025-12881 concerns the WordPress plugin Return Refund and Exchange For WooCommerce (versions up to 4.5.5). It suffers an Insecure Direct Object Reference due to missing validation on a user-controlled key in wps_rma_fetch_order_msgs(), enabling authenticated attackers with Subscriber level a...

CVSS 5.4 · AI score 5.2 · EPSS 0.00149
Exploits: 0 · References: 2
Vulnrichment
added 2025/11/21 7:31 a.m. · 3 views

CVE-2025-12881 Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Order Message Read

The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the wps_rma_fetch_order_msgs due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wi...

CVSS 5.4 · AI score 5.2 · EPSS 0.00149
Exploits: 0 · References: 2
Vulnrichment
added 2025/11/21 7:31 a.m. · 3 views

CVE-2025-12086 Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation

The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the 'wpsrmacancelreturnrequest' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for...

CVSS 4.3 · AI score 5.3 · EPSS 0.00164
Exploits: 0 · References: 2
Cvelist
added 2025/11/21 7:31 a.m. · 10 views

CVE-2025-12086 Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation

The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the 'wpsrmacancelreturnrequest' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for...

CVSS 4.3 · EPSS 0.00164
Exploits: 0 · References: 2
CNNVD
added 2025/11/21 12:0 a.m. · 5 views

WordPress plugin Return Refund and Exchange For WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 4.3 · AI score 6.8 · EPSS 0.00164
Exploits: 0 · References: 3
CNNVD
added 2025/11/21 12:0 a.m. · 3 views

WordPress plugin Return Refund and Exchange For WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 5.4 · AI score 6.8 · EPSS 0.00149
Exploits: 0 · References: 3
CNNVD
added 2025/07/18 12:0 a.m. · 5 views

WordPress plugin WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin WooCommerce Refund And...

CVSS 9.8 · AI score 7.7 · EPSS 0.0058
Exploits: 0 · References: 3
RedhatCVE
added 2025/02/16 6:21 a.m. · 12 views

CVE-2024-13641

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. This makes it possible for...

CVSS 7.5 · AI score 9.3 · EPSS 0.00437
Exploits: 0 · References: 1
OSV
added 2025/02/14 6:15 a.m. · 7 views

CVE-2024-13692

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user...

CVSS 5.4 · AI score 5.8 · EPSS 0.00288
Exploits: 0 · References: 6
CNNVD
added 2025/02/14 12:0 a.m. · 3 views

WordPress plugin Return Refund and Exchange For WooCommerce information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

CVSS 7.5 · AI score 7.9 · EPSS 0.00437
Exploits: 0 · References: 4
Patchstack
added 2025/02/13 6:56 p.m. · 5 views

WordPress Return Refund and Exchange For WooCommerce plugin <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference vulnerability discovered by Tim Coen in WordPress Plugin Return Refund and Exchange For WooCommerce versions <= 4.4.5...

CVSS 5.4 · AI score 7 · EPSS 0.00288
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2025/02/13 6:54 p.m. · 5 views

WordPress Return Refund and Exchange For WooCommerce plugin <= 4.4.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability

Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin Return Refund and Exchange For WooCommerce versions <= 4.4.5...

CVSS 7.5 · AI score 7 · EPSS 0.00437
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2022/12/26 12:0 a.m. · 9 views

PT-2022-25394 · WordPress · The Return Refund/Exchange For Woocommerce

Name of the Vulnerable Software and Affected Versions: Return Refund and Exchange For WooCommerce WordPress plugin versions prior to 4.0.9 Description: The issue concerns the lack of validation for attachment files uploaded via an AJAX action. This action is accessible to unauthenticated users,...

CVSS 9.8 · AI score 9.9 · EPSS 0.06152
Exploits: 3 · References: 3