CVE-2025-13452 | Admin and Customer Messages after Order for WooCommerce Plugin REST Endpoint authorization

Inserito da Angelo Barbosa | Nov 25, 2025 | CVE

A vulnerability categorized as critical has been discovered in Admin and Customer Messages after Order for WooCommerce Plugin up to 14 on WordPress. The affected element is an unknown function of the component REST Endpoint. Executing manipulation of the argument user_id/order_id/context can lead to missing authorization.

This vulnerability is registered as CVE-2025-13452. It is possible to launch the attack remotely. No exploit is available.

CVE-2025-13452 | Admin and Customer Messages after Order for WooCommerce Plugin REST Endpoint authorization

Post correlati

CVE-2024-8432 | Appointment & Event Booking Calendar Plugin up to 5.0.48 on WordPress CSS Setting authorization

CVE-2024-47916 | Boa path traversal

CVE-2025-23900 | Genkisan Genki Announcement Plugin up to 1.4.1 on WordPress cross-site request forgery

CVE-2023-6900 | rmountjoy92 DashMachine 0.5-4 /settings/delete_file path traversal