Medium severity4.3NVD Advisory· Published Dec 31, 2025· Updated Apr 28, 2026
CVE-2025-49352
CVE-2025-49352
Description
Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/a through <= 1.1.11.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.1.11
- Range: <= 1.1.11
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.