CVE-2025-15484

NONE EPSS 0.04%

Apr 01, 2026

Updated Apr 01, 2026

WordPress

Parameter	Value
Affected Versions	before 3.6.3
Vendor	WordPress
Public PoC	No

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers.

References 1

https://wpscan.com/vulnerability/ee9f1c0c-86bb-4922-9eb5-8aae78003eff/

contact@wpscan.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-6439

WordPress

4.4

CVE-2026-6451

WordPress

4.3

CVE-2026-40308

WordPress

8.8

CVE-2026-3830

Unknown

None

CVE-2026-5809

WordPress

7.1

CVE Details

CVE ID

CVE-2025-15484

Published Date

Apr 01, 2026

Vendor

WordPress

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.04%

Likelihood of exploitation in next 30 days

Percentile: 11.7th percentile (higher than 11.7% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

View Advisory

Menu

CVE-2025-15484

References 1

Related Vulnerabilities

CVE-2026-6439

CVE-2026-6451

CVE-2026-40308

CVE-2026-3830

CVE-2026-5809

CVE Details

Editor's Choice

Menu

CVE-2025-15484

References 1

Related Vulnerabilities

CVE-2026-6439

CVE-2026-6451

CVE-2026-40308

CVE-2026-3830

CVE-2026-5809

CVE Details

Editor's Choice

Stay informed on cybersecurity