CVE-2025-12075
Unauthorized Data Access in WooCommerce Order Splitter Plugin
Publication date: 2026-02-18
Last updated on: 2026-02-18
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| woocommerce | woo-order-splitter | to 5.3.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "The primary mitigation step is to update the WooCommerce Order Splitter plugin to version 5.3.6 or later, where the vulnerability is fixed by adding proper capability checks and nonce verification on the 'wos_troubleshooting' AJAX endpoint."}, {'type': 'paragraph', 'content': "If immediate updating is not possible, restrict access to the AJAX endpoint by limiting user roles that can access it, or by applying web application firewall (WAF) rules to block unauthorized requests to 'wos_troubleshooting'."}, {'type': 'paragraph', 'content': "Ensure that only users with appropriate permissions (such as 'manage_woocommerce' or 'edit_shop_orders') can access the troubleshooting functionality."}, {'type': 'paragraph', 'content': 'Regularly monitor your logs for suspicious access patterns as a temporary measure until the update is applied.'}] [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability involves unauthorized access to the 'wos_troubleshooting' AJAX endpoint in the WooCommerce Order Splitter plugin. Detection can focus on monitoring access to this endpoint, especially requests made by users with Subscriber-level access or higher."}, {'type': 'paragraph', 'content': "To detect exploitation attempts, you can monitor web server logs for requests to the AJAX endpoint related to 'wos_troubleshooting'. For example, using grep on Apache or Nginx logs:"}, {'type': 'list_item', 'content': "grep 'wos_troubleshooting' /var/log/apache2/access.log"}, {'type': 'list_item', 'content': "grep 'wos_troubleshooting' /var/log/nginx/access.log"}, {'type': 'paragraph', 'content': 'Additionally, you can use curl or similar tools to test if the endpoint is accessible without proper capability checks (only recommended in a controlled environment):'}, {'type': 'list_item', 'content': "curl -X POST -d 'action=wos_troubleshooting' https://yourwordpresssite.com/wp-admin/admin-ajax.php"}, {'type': 'paragraph', 'content': 'Monitoring for unusual authenticated requests from Subscriber-level users to this endpoint can help identify attempts to exploit the vulnerability.'}] [1]
Can you explain this vulnerability to me?
The vulnerability exists in the Order Splitter for WooCommerce plugin for WordPress, specifically in all versions up to and including 5.3.5. It is caused by a missing capability check on the 'wos_troubleshooting' AJAX endpoint.
This flaw allows authenticated attackers with Subscriber-level access or higher to access data related to other users' orders without proper authorization.
How can this vulnerability impact me? :
Because the vulnerability allows unauthorized access to order information, an attacker with minimal authenticated access can view sensitive details about other users' orders.
This could lead to exposure of personal or transactional data, potentially compromising user privacy and trust.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know