Description

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers.

PUBLISHED Reserved 2026-01-07 | Published 2026-04-01 | Updated 2026-04-01 | Assigner WPScan

Problem types

CWE-287 Improper Authentication

Product status

Default status: unaffected

Any version before 3.6.3: affected

Credits

Khaled Alenazi (Nxploited), finder

WPScan, coordinator

References

wpscan.com/...rability/ee9f1c0c-86bb-4922-9eb5-8aae78003eff/ (exploit, vdb-entry, technical-description)

cve.org (CVE-2025-15484)

nvd.nist.gov (CVE-2025-15484)
