Japanized for WooCommerce Missing Authorization Vulnerability in REST API Order Endpoint

Vulnerability

A vulnerability exists in the Japanized for WooCommerce plugin for WordPress, all versions through 2.7.17, allowing unauthorized data modification. The issue arises from a missing capability check on the 'order' REST API endpoint, enabling unauthenticated attackers to change the status of any WooCommerce order to processed or completed.
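The class of bug described above, a REST route whose permission check does not test a capability, is closed by a `permission_callback` that does. The following is an added example, not the plugin's own code: the `example/v1` namespace, the route path and the `example_*` function names are hypothetical, and the choice of `edit_shop_orders` as the required capability is an assumption.

```php
<?php
// Added illustration: hypothetical route and function names, not the plugin's code.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/order/(?P<id>\d+)', array(
        'methods'             => 'POST',
        'callback'            => 'example_set_order_status',
        // Weak form this replaces: 'permission_callback' => '__return_true',
        // which lets any caller, logged in or not, reach the callback.
        'permission_callback' => 'example_can_edit_orders',
        'args'                => array(
            'status' => array(
                'required'          => true,
                'type'              => 'string',
                // WooCommerce status slugs this route is allowed to set.
                'enum'              => array( 'processing', 'completed' ),
                'validate_callback' => 'rest_validate_request_arg',
            ),
        ),
    ) );
} );

// Runs before the callback; anything other than true stops the request.
function example_can_edit_orders( WP_REST_Request $request ) {
    // Assumption: order edits require the shop manager capability.
    if ( ! current_user_can( 'edit_shop_orders' ) ) {
        return new WP_Error(
            'example_forbidden',
            'You are not allowed to edit orders.',
            // 401 for anonymous callers, 403 for logged-in users without the capability.
            array( 'status' => rest_authorization_required_code() )
        );
    }
    return true;
}

// Reached only after the capability check and argument validation pass.
function example_set_order_status( WP_REST_Request $request ) {
    $order = wc_get_order( (int) $request['id'] );
    if ( ! $order ) {
        return new WP_Error( 'example_not_found', 'Order not found.', array( 'status' => 404 ) );
    }
    $order->update_status( $request['status'] );
    return rest_ensure_response( array(
        'id'     => $order->get_id(),
        'status' => $order->get_status(),
    ) );
}
```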

Impact

Exploitation of this vulnerability allows for unauthorized modification of order statuses, potentially disrupting order management and fulfillment processes.

Remediation

Users are advised to update the Japanized for WooCommerce plugin to version 2.8.0 or later.

Added: Jan 9, 2026, 5:18 AM
Updated: Jan 9, 2026, 5:18 AM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 0.6
exploitability: 8.2
remediation: 7.7
relevance: 2.0
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.