CVE-2025-14294 Razorpay for WooCommerce <= 4.7.8 - Missing Authentication to Unauthenticated Order Modification

The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getCouponList function in all versions up to, and including, 4.7.8. This is due to the checkAuthCredentials permission callback always returning true,...

CVE-2025-14294 Razorpay for WooCommerce <= 4.7.8 - Missing Authentication to Unauthenticated Order Modification

The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getCouponList function in all versions up to, and including, 4.7.8. This is due to the checkAuthCredentials permission callback always returning true,...

8 Ways to Avoid the Cybersecurity Grinch This Holiday Season

'Tis the season to be jolly…unless you work in cybersecurity. According to the Carbon Black Threat Analysis Unit TAU, organizations should expect to see a spike in potential cyberattacks starting with Black Friday/Cyber Monday and continuing through the holiday shopping season. TAU’s analysis...

Shopify: H1514 Ability to Edit Packaging Slip Templates and View Product & Shipping Information by a low privileged staff in a Sandbox Store

Hello, It was observed that it is possible to edit packaging slip templates and then view the product and shipping information in the packaging slip by a low privileged staff in a sandbox store by simply navigating to the URL https://.myshopify.com/admin/settings/packingsliptemplate. It appears...

Threat Outbreak Alert: Fake Product Shipping Information Email Messages on December 20, 2013

Medium Alert ID: 32249 First Published: 2013 December 20 14:21 GMT Version: 1 Summary Cisco Security has detected significant activity related to German-language spam email messages that claim to contain product shipping information for the recipient. The text in the email message attempts to...