Vulnerabilities and security researches fororder-tip-woo order-tip-woo

Jun 07, 2024

CVE, Research URL: CVE-2024-1119
Home page URL: Security reports for Order Tip for WooCommerce
Application: Order Tip for WooCommerce
Date: Mar 20, 2024
Research Description: The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_tips_to_csv() function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to export the plugin's order fees.
Affected versions: Min -, max -.
Status: vulnerable

Aug 17, 2025

CVE, Research URL: CVE-2025-6025
Home page URL: Security reports for Order Tip for WooCommerce
Application: Order Tip for WooCommerce
Date: Aug 15, 2025
Research Description: The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the `data-tip` attribute, which makes it possible for unauthenticated attackers to apply an excessive or even negative tip amount, resulting in unauthorized discount up to free orders depending on the value submitted.
Affected versions: Min -, max -.
Status: vulnerable