CVE-2025-14948

Name of the Vulnerable Software and Affected Versions miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress versions through 4.3.8

Description The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is subject to unauthorized data modification. A missing capability check on the enable wc sms notification AJAX action allows unauthenticated attackers to enable or disable SMS notification settings for WooCommerce orders. The vulnerable component is the enable wc sms notification AJAX action.

Recommendations Update the miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress to a version later than 4.3.8.