Medium severity4.3NVD Advisory· Published Apr 24, 2025· Updated Apr 15, 2026
CVE-2025-1284
CVE-2025-1284
Description
The Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1 via the xc_woo_printer_preview AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user's invoices and orders which can contain sensitive information.
Affected products
2- Range: <=4.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.