{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T15:48:07.249","vulnerabilities":[{"cve":{"id":"CVE-2025-13930","sourceIdentifier":"security@wordfence.com","published":"2026-02-19T07:17:33.790","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 7.8.5. This is due to the plugin not properly verifying that a user is authorized to delete an attachment combined with flawed guest order ownership validation. This makes it possible for unauthenticated attackers to delete attachments associated with guest orders using only the publicly available wooccm_upload nonce and attachment ID."},{"lang":"es","value":"El plugin Checkout Field Manager (Checkout Manager) para WooCommerce para WordPress es vulnerable a un bypass de autorización en versiones hasta la 7.8.5, inclusive. Esto se debe a que el plugin no verifica correctamente que un usuario está autorizado para eliminar un archivo adjunto, combinado con una validación defectuosa de la propiedad de pedidos de invitados. Esto hace posible que atacantes no autenticados eliminen archivos adjuntos asociados con pedidos de invitados utilizando solo el nonce wooccm_upload disponible públicamente y el ID del archivo adjunto."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-checkout-manager/tags/7.8.1/lib/class-upload.php#L114","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-checkout-manager/tags/7.8.1/lib/class-upload.php#L75","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3440979%40woocommerce-checkout-manager&new=3440979%40woocommerce-checkout-manager&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/33486414-6878-4b16-ae2d-00ec52fc2213?source=cve","source":"security@wordfence.com"}]}}]}