CVE-2025-1284 – Woocommerce Automatic Order Printing Insecure Direct Object Reference

April 24, 2025

CVE ID : CVE-2025-1284

Published : April 24, 2025, 9:15 a.m. | 1 hour, 28 minutes ago

Description : The Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1 via the xc_woo_printer_preview AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user’s invoices and orders which can contain sensitive information.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2579 – Lottie Player WordPress Stored Cross-Site Scripting Vulnerability

Next Article CVE-2024-12244 – GitLab EE Information Disclosure

Highlights

CVE-2025-4018 – Novel-Plus Remote Authentication Bypass

April 28, 2025

CVE ID : CVE-2025-4018

Published : April 28, 2025, 12:15 p.m. | 2 hours, 50 minutes ago

Description : A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This issue affects the function addCrawlSource of the file novel-crawl/src/main/java/com/java2nb/novel/controller/CrawlController.java. The manipulation leads to missing authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

Development tool updates from WWDC: Foundation Models framework, Xcode 26, Swift 6.2, and more

Decoding The SVG path Element: Line Commands

How to install iPadOS 26 on your iPad (and which models support it)

Every Apple Watch that will get WatchOS 26 (and which models won’t be supported)

iOS 26 will bring any photo on your iPhone to life with 3D spatial effects

Shortcuts is the best Apple app you’re not using – and iOS 26 makes it even more powerful

You came for PHP. Stay for what scales: How to Become A Better Developer Learning from Code & Character

You came for PHP. Stay for what scales: How to Become A Better Developer Learning from Code & Character

Sharp – High performance Node.js image processing

ELI5 Toolkit – Explain It Like I’m 5

Windows 11 now lets you reduce image size without resizing using Paint or Photos app

Windows 11 now lets you reduce image size without resizing using Paint or Photos app

Apple “innovates” Windows Vista Aero Glass with macOS 26 Liquid Glass. Oh well.

Ago is a small static blog generator without any fuzz

CVE-2025-1284 – Woocommerce Automatic Order Printing Insecure Direct Object Reference

Microsoft Edge Rolls Out AI-Powered History Search with Privacy Focus

SAP Patch Fixes Critical CVSS 9.6 Flaw in NetWeaver: Privilege Escalation and System Integrity at Risk

Upgrading your Windows laptop? This affordable Dell model is my top pick for work

CVE-2025-5571 – D-Link DCS-932L OS Command Injection

OpenAI Releases HealthBench: An Open-Source Benchmark for Measuring the Performance and Safety of Large Language Models in Healthcare

Analyst View: Why platform engineering matters more than ever

CVE-2025-4018 – Novel-Plus Remote Authentication Bypass

CVE-2025-4706 – Projectworlds Online Examination System SQL Injection Vulnerability

30+ Best Lightroom Presets for Stunning Portraits

CVE-2025-31236 – Apple macOS Sequoia Information Disclosure Vulnerability

CVE-2025-1284 – Woocommerce Automatic Order Printing Insecure Direct Object Reference

Related Posts