Orders Chat For Woocommerce

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-12075	WordPress Orders Chat For Woocommerce	Med	0.28	4.3	0.00		Feb 18, 2026	The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wos_troubleshooting' AJAX endpoint in all versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view information pertaining to other user's orders.
CVE-2025-49356	WordPress Orders Chat For Woocommerce	Med	0.28	4.3	0.00		Dec 31, 2025	Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce orders-chat-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through <= 1.2.0.

CVE-2025-12075MedFeb 18, 2026
WordPress
Orders Chat For Woocommerce
risk 0.28cvss 4.3epss 0.00
The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wos_troubleshooting' AJAX endpoint in all versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view information pertaining to other user's orders.
CVE-2025-49356MedDec 31, 2025
WordPress
Orders Chat For Woocommerce
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce orders-chat-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through <= 1.2.0.