CVE-2025-13389 in Admin and Customer Messages after Order for WooCommerce Plugininfo

Zusammenfassung

von MITRE • 25.11.2025

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `get_order_by_id()` function in all versions up to, and including, 14. This makes it possible for unauthenticated attackers to view sensitive WooCommerce order details and private conversation messages between customers and store administrators for any order by supplying an arbitrary order ID.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Veröffentlichung

25.11.2025

Moderieren

akzeptiert

Eintrag

VDB-333459

CPE

bereit

CWE

CWE-862 (bestätigt)

CVSS

5.3 (CNA)

EPSS

0.00076

KEV

nein

Aktivitäten

very low

Sektor

Hostingprovider, Transportation, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-13389
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-13389
CVE Details	https://www.cvedetails.com/cve/CVE-2025-13389/

◂ Zurück Übersicht Weiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!