Authentication Bypass in Order Notification for WooCommerce Plugin by WordPress
CVE-2025-15484

Currently unrated

Key Information:

Vendor: WordPress
Status: Order Notification For WooCommerce
Vendor: CVE Published:; 1 April 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-15484?

The Order Notification plugin for WooCommerce has a vulnerability that allows unauthenticated users to bypass permission checks, granting unrestricted read/write access to store resources. This includes crucial data such as product, coupon, and customer information, potentially leading to unauthorized modifications and data leakage.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Order Notification for WooCommerce 0 < 3.6.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-15484 - Proof of Concept

References

https://wpscan.com/vulnerability/ee9f1c0c-86bb-4922-9eb5-...

exploitvdb-entrytechnical-description

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Apr 1, 2026
👾
Exploit known to exist
Apr 1, 2026
Vulnerability published
Apr 1, 2026
Vulnerability Reserved
Jan 7, 2026

Credit

Khaled Alenazi (Nxploited)

WPScan

JSON

WordPress