PT-2026-20610 · WordPress+1 · Woocommerce Checkout Manager+1
Nosleep · Published 2026-02-19 · Updated 2026-02-23 · CVE-2025-13930
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Checkout Manager for WooCommerce versions prior to 7.8.6
Description
The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress has an authorization issue. The plugin does not properly verify user authorization to delete attachments and has flawed guest order ownership validation. This allows unauthenticated attackers to delete attachments linked to guest orders by using the wooccm upload nonce and the attachment ID.
Recommendations
Update to version 7.8.6 or later.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Woocommerce Checkout Manager
Woocommerce