CVE-2025-15033

Published: Dec 22, 2025

Modified: Mar 6, 2026

PUBLISHED

Description

A vulnerability in WooCommerce 8.1 to 10.4.2 can allow logged-in customers to access order data of guest customers on sites with a certain configuration. This has been fixed in WooCommerce 10.4.3, as well as all the previously affected versions through point releases, starting from 8.1, where it has been fixed in 8.1.3. It does not affect WooCommerce 8.0 or earlier.

Vendor	Product	Versions
Automattic	WooCommerce	affected `8.1.0 - < 8.1.3` affected `8.2.0 - < 8.2.4` affected `8.3.0 - < 8.3.3` affected `8.4.0 - < 8.4.2` affected `8.5.0 - < 8.5.4` +19 more versions

References

https://wpscan.com/vulnerability/f55fd7d3-7fbe-474f-9406-f47f8aee5e57/

exploit

vdb-entry

technical-description

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-15033

Description

Affected Products

References