CVE-2025-15484 - Vulnerability Analysis
Critical | CVSS: 9.1 | Last Updated: April 1, 2026
Order Notification for WooCommerce - Broken Access Control
Overview
The Order Notification for WooCommerce WordPress plugin before version 3.6.3 contains a broken access control vulnerability: it overrides WooCommerce's permission checks, giving unauthenticated attackers full read/write access to store resources.
Severity & Score
Impact
Unauthenticated attackers can read and modify store resources including products, coupons, and customers, leading to full store compromise.
Mitigation
Upgrade to version 3.6.3 or later.
Social Media Activity (2 posts)
CVE-2025-15484 - Critical (9.1) The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, an... https://www.thehackerwire.com/vulnerability/CVE-2025-15484/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2025-15484
- Severity: Critical
- CVSS Score: 9.1
- Type: broken_access_control
- Status: unconfirmed
- EPSS: 1.7%
- Social Posts: 2
CWE
- CWE-287
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N