CVE-2025-12634 | Refund Request for WooCommerce Plugin up to 1.0 on WordPress Refund Status Update update_refund_status authorization

Inserito da Angelo Barbosa | Nov 25, 2025 | CVE

A vulnerability identified as problematic has been detected in Refund Request for WooCommerce Plugin up to 1.0 on WordPress. The impacted element is the function update_refund_status of the component Refund Status Update Handler. The manipulation leads to missing authorization.

This vulnerability is documented as CVE-2025-12634. The attack can be initiated remotely. There is not any exploit available.

CVE-2025-12634 | Refund Request for WooCommerce Plugin up to 1.0 on WordPress Refund Status Update update_refund_status authorization

Post correlati

CVE-2024-39377 | Adobe Media Encoder AVI File Parser out-of-bounds write (ZDI-24-1200)

CVE-2024-52276 | DocuSign up to 2024-12-04 Version clickjacking

CVE-2025-8446 | blazethemes Blaze Demo Importer Plugin up to 1.0.12 on WordPress Install blaze_demo_importer_install_plugin authorization

CVE-2022-27486 | Fortinet FortiDDoS/FortiDDoS-F os command injection (FG-IR-22-047)