Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ghm6-24ev-8qgq

Summary Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/a through <= 1.1.11.

Aliases

alias	CVE-2025-49352

Fixed_packages

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-49352

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.0186
published_at	2026-06-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01863
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-49352

reference_url

https://patchstack.com/database/Wordpress/Plugin/wc-order-cancellation-return/vulnerability/wordpress-order-cancellation-returns-for-woocommerce-plugin-1-1-10-insecure-direct-object-references-idor-vulnerability?_s_id=cve

reference_id

wordpress-order-cancellation-returns-for-woocommerce-plugin-1-1-10-insecure-direct-object-references-idor-vulnerability?_s_id=cve

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-31T17:33:12Z/

url

Weaknesses

cwe_id	639
name	Authorization Bypass Through User-Controlled Key
description	The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Exploits

Severity_range_score 4.3 - 4.3

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ghm6-24ev-8qgq

Vulnerability Instance