CVE-2025-1284 – Woocommerce Automatic Order Printing Insecure Direct Object Reference

April 24, 2025

CVE ID : CVE-2025-1284

Published : April 24, 2025, 9:15 a.m. | 1 hour, 28 minutes ago

Description : The Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1 via the xc_woo_printer_preview AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user’s invoices and orders which can contain sensitive information.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2579 – Lottie Player WordPress Stored Cross-Site Scripting Vulnerability

Next Article CVE-2024-12244 – GitLab EE Information Disclosure

How To Prevent WordPress SQL Injection Attacks

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Databricks adds new tools like Lakebase, Lakeflow Designer, and Agent Bricks to better support building AI apps and agents in the enterprise

Zencoder launches end-to-end UI testing agent

OpenAI CEO Sam Altman claims “ChatGPT is already more powerful than any human who has ever lived”

Apple Intelligence delay: A clash of two architectures and trivial AI features fell short of standards and expectations

Ambrosia Sky is a gorgeous science-fiction game that’s all about death, and I can’t wait to play more

3 secrets of PowerToys on Windows 11 that you’ll wish you already knew

[EcjoJS Meta] Content discussion

[EcjoJS Meta] Content discussion

Accessibility, Inclusive Design, and Universal Design Work Together

An “Inconceivable” Conversation With Dr. Pete Cornwell on Simple vs. Agentic AI

OpenAI CEO Sam Altman claims “ChatGPT is already more powerful than any human who has ever lived”

OpenAI CEO Sam Altman claims “ChatGPT is already more powerful than any human who has ever lived”

Apple Intelligence delay: A clash of two architectures and trivial AI features fell short of standards and expectations

Ambrosia Sky is a gorgeous science-fiction game that’s all about death, and I can’t wait to play more

CVE-2025-1284 – Woocommerce Automatic Order Printing Insecure Direct Object Reference

ConnectWise to Rotate Code-Signing Certificates

CISA Warns of Remote Control Flaws in SinoTrack GPS Trackers

Bill Gates shares his original Altair BASIC source code for Microsoft’s 50th anniversary — “The coolest code I’ve ever written”

15+ Best Free Titles Templates for After Effects in 2025

CVE-2025-37779 – “ERofs Linux Kernel Folio UAF Vulnerability”

Lost in translation? Amazon Q Developer now speaks more languages

I’ve been testing one of the best value 4K OLED gaming monitors, and it’s awesome — but watch out for tariffs

CVE-2025-43970 – GoBGP MRT Length Validation Buffer Overflow

VS meldt actief misbruik van kritiek lek in Erlang Erlang/OTP SSH Server

CVE-2025-33028: WinZip Flaw Exposes Users to Silent Code Execution via MotW Bypass, No Patch

CVE-2025-1284 – Woocommerce Automatic Order Printing Insecure Direct Object Reference

Related Posts