CVE-2025-12075 - Order Splitter for WooCommerce <= 5.3.5 - missing authorization to authenticated...

CVE ID : CVE-2025-12075 Published : Feb. 18, 2026, 5:16 a.m. | 29 minutes ago Description : The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wos_troubleshooting' AJAX endpoint in all versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view information pertaining to other user's orders. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...