CVE-2025-12621
Insight (CVE-2025-12621): The WordPress plugin “Flexible Refund and Return Order for WooCommerce” is vulnerable because of an incorrect/misconfigured capability check in the create_refund function, allowing any authenticated user with Contributor level or higher to modify refund statuses (approve/deny) i...
CVE-2025-12621 Flexible Refund and Return Order for WooCommerce <= 1.0.42 - Incorrect Authorization to Authenticated (Contributor+) Refund Status Update
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'createrefund' function in all versions up to, and including, 1.0.42. This makes it possible for authenticated attackers, wit...