CVE-2025-32544

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Apr 17, 2025

CWE ID 862

Summary

CVE-2025-32544 is a missing authorization vulnerability affecting The Right Software WooCommerce Loyal Customers plugin. This issue permits unauthorized access to functionality that is not adequately constrained by Access Control Lists (ACLs). The vulnerability spans from version n/a to 2.6, posing a significant risk to WooCommerce sites using this plugin. Attackers with low privileges may exploit this vulnerability to gain elevated access, potentially leading to data breaches or other malicious activities. It is crucial for WooCommerce site administrators to update the plugin to a secure version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2025-32544

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations