CVE-2025-24594

WordPress Linet ERP-Woocommerce Integration plugin <= 3.5.7 - CSRF to Broken Access Control vulnerability

Description

Missing Authorization vulnerability in Speedcomp Linet ERP-Woocommerce Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.7.

Remediation

Solution:

Update the WordPress Linet ERP-Woocommerce Integration wordpress plugin to the latest available version (at least 3.5.8).

References

Link	Tags
https://patchstack.com/database/wordpress/plugin/linet-erp-woocommerce-integration/vulnerability/wordpress-linet-erp-woocommerce-integration-plugin-3-5-7-csrf-to-broken-access-control-vulnerability?_s_id=cve	vdb entry

Frequently Asked Questions

What is the severity of CVE-2025-24594?: CVE-2025-24594 has been scored as a medium severity vulnerability.
How to fix CVE-2025-24594?: To fix CVE-2025-24594: Update the WordPress Linet ERP-Woocommerce Integration wordpress plugin to the latest available version (at least 3.5.8).
Is CVE-2025-24594 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-24594 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-24594?: CVE-2025-24594 affects Speedcomp Linet ERP-Woocommerce Integration.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Remediation

Category

CWE-862 – Missing Authorization

References

Frequently Asked Questions