Medium severity4.3NVD Advisory· Published Apr 24, 2025· Updated Apr 15, 2026

CVE-2025-1284

Description

The Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1 via the xc_woo_printer_preview AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user's invoices and orders which can contain sensitive information.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

codecanyon.net/item/woocommerce-google-cloud-print/21129093nvd
www.wordfence.com/threat-intel/vulnerabilities/id/6f593dce-4b56-46c0-becd-75fd16f165a8nvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000