PT-2026-29472 · Automattic+1 · Woocommerce+1
Khaled Alenazi · Published 2026-04-01 · Updated 2026-04-16 · CVE-2025-15484
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
The Order Notification for WooCommerce WordPress plugin versions prior to 3.6.3
Description
The Order Notification for WooCommerce WordPress plugin before version 3.6.3 bypasses WooCommerce's permission checks, granting full access to all unauthenticated requests. This allows complete read and write access to store resources, including products, coupons, and customer data.
Recommendations
Update the Order Notification for WooCommerce WordPress plugin to version 3.6.3 or later.
Weakness Enumeration
Improper Authentication
Affected Products
Order Notification For Woocommerce
Woocommerce