VYPR

Woo Refund And Exchange Lite

by WordPress

Source repositories

CVEs (1)

  • CVE-2025-12086MedNov 21, 2025
    risk 0.28cvss 4.3epss 0.00

    The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the 'wps_rma_cancel_return_request' AJAX endpoint due to missing validation on a user controlled key. This makes…