CVE-2025-13666
Helloprint <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Modification
| CVSS Score | 5.3 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
The Helloprint plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.2. This is due to the plugin registering a public REST API endpoint without implementing authorization checks to verify request authenticity. This makes it possible for unauthenticated attackers to arbitrarily modify WooCommerce order statuses via the /wp-json/helloprint/v1/complete_order_from_helloprint_callback endpoint by providing a valid order reference ID.
| CWE | CWE-862 |
| Vendor | helloprint |
| Product | plug your woocommerce into the largest catalog of customized print products from helloprint |
| Published | Dec 6, 2025 |
| Last Updated | Apr 8, 2026 |
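A site owner can check web server access logs for requests to the endpoint named in the description. The following is an added example, not code from the plugin or from this advisory: it assumes Combined Log Format, the `allowed_ips` allowlist is a hypothetical parameter, and the sample lines (including the HTTP method and response sizes) are constructed. It also covers WordPress's plain-permalink `?rest_route=` form of the same route.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Route named in the advisory, without the /wp-json prefix.
ROUTE = "/helloprint/v1/complete_order_from_helloprint_callback"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def rest_route(target):
    """Return the REST route a request target addresses, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    # Pretty-permalink form: /wp-json/<route>
    if "/wp-json/" in path:
        return "/" + path.split("/wp-json/", 1)[1].strip("/")
    # Plain-permalink form: /?rest_route=/<route> (parse_qs percent-decodes it)
    values = parse_qs(parts.query).get("rest_route")
    if values:
        return "/" + values[0].strip("/")
    return None

def find_callback_hits(lines, allowed_ips=frozenset()):
    """Return (ip, timestamp, method, status) per callback request from an unlisted source."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        route = rest_route(m["target"])
        # Compare case-insensitively so differently-cased paths are not missed.
        if route and route.lower() == ROUTE and m["ip"] not in allowed_ips:
            hits.append((m["ip"], m["ts"], m["method"], int(m["status"])))
    return hits

# Constructed sample log lines using documentation IP ranges, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Dec/2025:08:14:02 +0000] "POST /wp-json/helloprint/v1/complete_order_from_helloprint_callback HTTP/1.1" 200 31 "-" "-"',
    '198.51.100.20 - - [10/Dec/2025:08:15:40 +0000] "POST /?rest_route=%2Fhelloprint%2Fv1%2Fcomplete_order_from_helloprint_callback HTTP/1.1" 200 31 "-" "-"',
    '192.0.2.10 - - [10/Dec/2025:08:16:11 +0000] "POST /wp-json/helloprint/v1/complete_order_from_helloprint_callback HTTP/1.1" 200 31 "-" "-"',
    '203.0.113.7 - - [10/Dec/2025:08:17:05 +0000] "GET /wp-json/wc/v3/orders HTTP/1.1" 401 120 "-" "-"',
]
```

Hits with a success status are worth comparing against the order notes and status history of the affected orders for the same timestamps.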
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | Low |
| Availability | None |
Affected Versions
helloprint / Plug your WooCommerce into the largest catalog of customized print products from Helloprint
0 ≤ 2.1.2
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/4b07ed75-6ee3-4a1a-b165-439a9135b059?source=cve
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/helloprint/trunk/includes/Base/Controllers/Admin/OrderController.php#L48
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/helloprint/tags/2.1.2/includes/Base/Controllers/Admin/OrderController.php#L48
Credits
Md. Moniruzzaman Prodhan