CVE-2025-12955
📋 TL;DR
The Live Sales Notification for WooCommerce WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to access recent order information. This exposes customer data including names, locations, purchase details, and product information. All WordPress sites using this plugin up to version 2.3.39 are affected.
💻 Affected Systems
- Live Sales Notification for WooCommerce WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Mass data exfiltration of customer PII and purchase history, leading to privacy violations, regulatory fines, and reputational damage.
Likely Case
Attackers harvest customer data for spam, phishing, or targeted attacks against buyers.
If Mitigated
Limited exposure if plugin is disabled or patched before exploitation.
🎯 Exploit Status
A single HTTP request to the vulnerable endpoint returns the order data; no special tools or skills are required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3.40 and later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find 'Live Sales Notification for WooCommerce'.
4. Click 'Update Now' if available.
5. If no update appears, manually download version 2.3.40+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable the plugin
Temporarily deactivate the vulnerable plugin until it is patched.
Web Application Firewall rule
Block access to the vulnerable endpoint (Linux/Apache example):
# Example for Apache .htaccess in the WordPress root directory.
# Note: RewriteRule matches the request path only. If getOrders is passed as a
# query parameter rather than in the path, gate the rule with
# RewriteCond %{QUERY_STRING} getOrders [NC] instead of matching it in the path.
RewriteEngine On
RewriteRule ^wp-content/plugins/live-sales-notifications-for-woocommerce/.*getOrders.*$ - [F,L]
🧯 If You Can't Patch
- Disable the Live Sales Notification plugin immediately
- Implement IP-based access restrictions to WordPress admin and plugin endpoints
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Live Sales Notification for WooCommerce version number. If version is 2.3.39 or lower, you are vulnerable.
Check Version:
# In WordPress root directory
grep -r "Version:" wp-content/plugins/live-sales-notifications-for-woocommerce/live-sales-notifications-for-woocommerce.php | head -1
Verify Fix Applied:
After updating, confirm plugin version shows 2.3.40 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual GET/POST requests to /wp-content/plugins/live-sales-notifications-for-woocommerce/ endpoints
- Multiple requests to order-related endpoints from single IPs
- Requests containing 'getOrders' parameter
Network Indicators:
- HTTP traffic to plugin endpoints without authentication cookies
- Pattern of data extraction from /wp-json/ or plugin-specific API endpoints
SIEM Query:
source="web_logs" AND (uri="*live-sales-notifications-for-woocommerce*" OR uri="*getOrders*") AND NOT (user_agent="*bot*" OR user_agent="*crawler*") | stats count by src_ip
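The same detection logic as the log indicators and SIEM query above, run offline over Apache access-log lines, as an added example that is not part of the original advisory. It assumes a combined LogFormat with the request Cookie header appended as a final quoted field, treats a wordpress_logged_in_ cookie as authenticated traffic, and uses constructed sample lines with a placeholder endpoint path (the real plugin endpoint is not named here).

```python
import re
from collections import Counter

# Apache "combined" format plus a trailing "%{Cookie}i" field. The cookie field is an
# assumption about the local LogFormat; lines without it still parse (cookie = None).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"(?: "(?P<cookie>[^"]*)")?$'
)
PLUGIN_PATH = "/wp-content/plugins/live-sales-notifications-for-woocommerce/"
BOT_UA = re.compile(r"bot|crawler", re.IGNORECASE)  # same exclusion as the SIEM query

def is_plugin_hit(uri: str) -> bool:
    """The advisory's two URI indicators: the plugin directory or a 'getOrders' request."""
    return PLUGIN_PATH in uri or "getOrders" in uri

def unauthenticated_plugin_hits(lines):
    """Per-IP count of plugin requests carrying no WordPress login cookie, bots excluded."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these separately
        if not is_plugin_hit(m["uri"]) or BOT_UA.search(m["ua"]):
            continue
        if "wordpress_logged_in_" in (m["cookie"] or ""):
            continue  # logged-in admin or shop manager: expected traffic
        counts[m["ip"]] += 1
    return counts

def flag_ips(lines, threshold=3):
    """IPs whose unauthenticated plugin requests reach the threshold (repeated harvesting)."""
    return {ip: n for ip, n in unauthenticated_plugin_hits(lines).items() if n >= threshold}

# Constructed sample traffic (not real logs). ENDPOINT.php is a placeholder, not the
# plugin's actual file name.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Nov/2025:10:00:01 +0000] "GET /wp-content/plugins/live-sales-notifications-for-woocommerce/ENDPOINT.php?getOrders=1 HTTP/1.1" 200 812 "-" "python-requests/2.31" "-"',
    '203.0.113.7 - - [10/Nov/2025:10:00:02 +0000] "GET /wp-content/plugins/live-sales-notifications-for-woocommerce/ENDPOINT.php?getOrders=1&page=2 HTTP/1.1" 200 790 "-" "python-requests/2.31" "-"',
    '203.0.113.7 - - [10/Nov/2025:10:00:03 +0000] "GET /wp-content/plugins/live-sales-notifications-for-woocommerce/ENDPOINT.php?getOrders=1&page=3 HTTP/1.1" 200 801 "-" "python-requests/2.31" "-"',
    '203.0.113.7 - - [10/Nov/2025:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "python-requests/2.31" "-"',
    '198.51.100.2 - - [10/Nov/2025:10:01:00 +0000] "GET /wp-content/plugins/live-sales-notifications-for-woocommerce/ENDPOINT.php?getOrders=1 HTTP/1.1" 200 812 "https://shop.example/wp-admin/" "Mozilla/5.0" "wordpress_logged_in_abc123=admin%7C1700000000%7Cx; wp-settings-1=x"',
    '192.0.2.9 - - [10/Nov/2025:10:02:00 +0000] "GET /wp-content/plugins/live-sales-notifications-for-woocommerce/ENDPOINT.php?getOrders=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)" "-"',
]

if __name__ == "__main__":
    print(flag_ips(SAMPLE_LOG))  # {'203.0.113.7': 3}
```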
🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3394241%40live-sales-notifications-for-woocommerce&old=3389540%40live-sales-notifications-for-woocommerce&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1cebcf16-ae7f-45c4-8e1d-80ede4c32106?source=cve