Missing Authorization Flaw in Order Limit for WooCommerce by Xfinitysoft
CVE-2025-26928
4.3MEDIUM
Key Information:
- Vendor
- Xfinitysoft
- Status
- Order Limit For WooCommerce
- Vendor
- CVE Published:
- 25 February 2025
Summary
A missing authorization vulnerability in the Order Limit for WooCommerce plugin by Xfinitysoft allows attackers to exploit incorrectly configured access control security levels. This can lead to unauthorized access and manipulation of order limits for an online store, impacting the overall security of WooCommerce sites using affected versions up to 3.0.2.
Affected Version(s)
Order Limit for WooCommerce <= 3.0.2
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)