CNNVD-202507-2403 Information

CNNVD ID

CNNVD-202507-2403

Related CVE

CVE-2025-5816

• CNNVD Published: 2025-07-18

Description (Chinese)

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship 3.2.0及之前版本存在安全漏洞，该漏洞源于get_order_detail函数缺少用户控制密钥验证，可能导致认证攻击者查看其他用户订单。

Description (English)

WordPress and WordPressplugin are products of WordPress. WordPress is a blog platform developed in the PHP language. The platform supports the installation of personal blogs on PHP and MySQL servers. WordPress plugin is an application plugin. WordPlugin Plugin Plugin WooCommerce Kurir Regurer, Instan, Kargo – Biteship 3.2.0 and previous versions contain a security loophole resulting from the lack of user control key authentication in the Get order detail function, which may result in the authentication of the attacker looking at other user orders.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

WooCommerce

Published

2025-07-18

Last Modified

2026-02-24

References

https://plugins.trac.wordpress.org/browser/biteship/trunk/includes/class-biteship.php#L515 https://plugins.trac.wordpress.org/browser/biteship/trunk/public/class-biteship-public.php#L327 https://www.wordfence.com/threat-intel/vulnerabilities/id/48509d43-57bb-452c-b39b-905354a273f3?source=cve https://access.redhat.com/security/cve/cve-2025-5816