VYPR
Critical severity9.1NVD Advisory· Published Apr 1, 2026· Updated Apr 15, 2026

CVE-2025-15484

CVE-2025-15484

Description

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

1