12 matches found
CVE-2026-7862
The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment...
WordPress Refund Request for WooCommerce plugin unauthorized data modification vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An unauthorized data modification vulnerability exists in the WordPress Refund Request for WooCommerce plugin, which stems from a lack of privilege checking and can be exploited...
CVE-2025-12634
The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updaterefundstatus' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...
EUVD-2025-199565
The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updaterefundstatus' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-12634 Refund Request for WooCommerce <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Refund Status Update
The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updaterefundstatus' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-12634 Refund Request for WooCommerce <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Refund Status Update
The Refund Request for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updaterefundstatus' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress plugin Refund Request for WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An unauthorized data modification vulnerability exists in the WordPress Refund Request for WooCommerce plugin, which stems from a lack of privilege checking and can be exploited...
CVE-2025-10570
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.38 via the saverefundrequest function. This makes it possible for authenticated attackers, with subscriber-level access and above, to submit...
CVE-2025-10570 Flexible Refund and Return Order for WooCommerce <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.38 via the saverefundrequest function. This makes it possible for authenticated attackers, with subscriber-level access and above, to submit...
CVE-2025-10570
CVE-2025-10570 affects the WordPress plugin Flexible Refund and Return Order for WooCommerce (versions
CVE-2025-10570 Flexible Refund and Return Order for WooCommerce <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.38 via the saverefundrequest function. This makes it possible for authenticated attackers, with subscriber-level access and above, to submit...
CVE-2024-13692
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user...