CVE-2025-12655
CVE-2025-12655 corresponds to the Hippoo Mobile App for WooCommerce WordPress plugin. The initial records and a Wordfence post confirm a vulnerability in all versions up to 1.7.1 caused by a REST API endpoint (/wp-json/hippoo/v1/wc/token/save_callback/{token_id}) registered with a permissive perm...