Vchasno Kasa, CVE-2025-6721

CVE, Research URL: CVE-2025-6721
Home page URL: Security reports for Vchasno Kasa
Application: Vchasno Kasa
Published on: Jul 19, 2025
Research Description: The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkv_vchasno_kasa_wc_do_metabox_action() function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to generate invoices for arbitrary orders.
Affected versions: Min -, max 1.0.4.
Status: vulnerable