Print Barcode Labels for your WooCommerce products/orders < 3.4.11 – Missing Authorization | CVE 2025-24603 | Plugin Vulnerabilities

Description

The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.4.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

a4-barcode-generator

Fixed in 3.4.11

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/7a71c1e1-c0f5-4b11-9f15-02ac22e4a376

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Trương Hữu Phúc (truonghuuphuc)

Verified

No

WPVDB ID

d2f72b51-eda1-49d2-a4ce-c984be970359

Timeline

Publicly Published

2025-01-24 (about 1 year ago)

Added

2025-01-28 (about 1 year ago)

Last Updated

2025-01-28 (about 1 year ago)

Other

Published

Title

Published

2023-12-05

Title

Webflow Pages < 1.1.0 - Missing Authorization

Published

2026-02-19

Title

WP-Lister Lite for eBay < 3.8.6 - Missing Authorization

Published

2023-12-04

Title

WP Booking System < 2.0.19.3 - Missing Authorization

Published

2025-09-23

Title

Super Blank < 1.3.0 - Authenticated (Subscriber+) Arbitrary Content Deletion

Published

2024-07-31

Title

FundEngine – Donation and Crowdfunding Platform < 1.7.1 - Authenticated (Subscriber+) Privilege Escalation