Access Control Vulnerability in Nota Fiscal Eletrônica WooCommerce by WebmaniaBR
CVE-2025-60159

4.3MEDIUM

Key Information:

Vendor

WordPress
Status
Nota Fiscal Eletrônica WooCommerce
Vendor
CVE Published:
26 September 2025

What is CVE-2025-60159?

The Nota Fiscal Eletrônica WooCommerce plugin by WebmaniaBR contains a missing authorization vulnerability. This flaw arises from incorrectly configured access control security levels, which can potentially allow unauthorized users to access sensitive information or perform actions reserved for authenticated users. This issue affects versions ranging from n/a to 3.4.0.6, highlighting the need for users to review their configurations and apply necessary updates to safeguard their web applications.

Affected Version(s)

Nota Fiscal Eletrônica WooCommerce <= 3.4.0.6

References

https://patchstack.com/database/wordpress/plugin/nota-fis...
vdb-entry

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nabil Irawan (Patchstack Alliance)
JSON
.