WordPress Plugin Vulnerabilities

Fraud Prevention For WooCommerce and EDD < 2.3.4 - Missing Authorization to Unauthenticated Arbitrary Content Deletion

Description

The Fraud Prevention For WooCommerce and EDD plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers
Fixed in 2.3.4

References

CVE
CVE-2026-25443
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/608d46e3-ef56-48b1-b965-b324e68e8a8b

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Jarno Vos (jarnovos)
Verified
No
WPVDB ID
dba37c05-7a09-4693-b817-a55687001235

Timeline

Publicly Published
2026-03-18 (about 1 month ago)
Added
2026-03-27 (about 1 month ago)
Last Updated
2026-03-27 (about 1 month ago)

Other

Published
Title
Published
2025-02-19
Title
Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) < 4.5.0 - Missing Authorization to Unauthenticated Price, Date, and Note Updates
Published
2025-09-22
Title
Editor Custom Color Palette <= 3.5.4 - Missing Authorization
Published
2023-12-07
Title
Smart Forms < 2.6.85 - Subscriber+ Arbitrary Options Update
Published
2025-02-28
Title
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages < 3.4.26 - Cross-Site Request Forgery to Limited Settings Update
Published
2025-11-12
Title
Gallery Plugin for WordPress – Envira Photo Gallery < 1.12.1 - Missing Authorization to Authenticated (Author+) Multiple Gallery Actions