3 matches found
CVE-2025-12075 Order Splitter for WooCommerce <= 5.3.5 - Missing Authorization to Authenticated (Subscriber+) Order Information Exposure
The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wostroubleshooting' AJAX endpoint in all versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-12075
The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wostroubleshooting' AJAX endpoint in all versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with Subscriber-level...
PT-2026-20220
Name of the Vulnerable Software and Affected Versions Order Splitter for WooCommerce plugin for WordPress versions up to and including 5.3.5 Description The Order Splitter for WooCommerce plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability...