WordPress Plugin Vulnerabilities

BizPrint < 4.5.4 - Unauthenticated WC Order Data Access

Description

The plugin is vulnerable to unauthorized access of data due to a missing capability check on the showTemplatePreview function. This makes it possible for unauthenticated attackers to expose potentially sensitive WooCommerce order data.

Affects Plugins

Plugin icon
print-google-cloud-print-gcp-woocommerce
Fixed in 4.5.4

References

URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/4fc76e1c-546f-4ecd-bd3b-a6f21b2c65bf

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Verified
No
WPVDB ID
67031a75-2fca-43cb-a122-0addbfe4921c

Timeline

Publicly Published
2024-01-30 (about 2 years ago)
Added
2024-04-02 (about 2 years ago)
Last Updated
2024-04-02 (about 2 years ago)

Other

Published
Title
Published
2025-10-28
Title
Call Now Button < 1.5.4 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Settings Update
Published
2025-01-07
Title
Post SMTP < 2.9.12 - Missing Authorization via regenerate_qrcode()
Published
2024-04-22
Title
Flexible Shipping < 4.24.16 - Missing Authorization
Published
2025-01-06
Title
Hive Support – WordPress Help Desk < 1.1.7 - Missing Authorization
Published
2026-01-28
Title
WP-CORS <= 0.2.2 - Missing Authorization