exploitDog

CVE-2025-49352

Опубликовано: 31 дек. 2025

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/a through 1.1.10.

Ссылки

https://vdp.patchstack.com/database/wordpress/plugin/wc-order-cancellation-return/vulnerability/wordpress-order-cancellation-returns-for-woocommerce-plugin-1-1-10-insecure-direct-object-references-idor-vulnerability?_s_id=cve

EPSS

Процентиль: 8%

0.00029

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-qh4p-54j2-r4wc

CVSS3: 4.3

github

около 1 месяца назад

Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/a through 1.1.10.

EPSS

Процентиль: 8%

0.00029

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-639