CVE-2025-12621 | Flexible Refund and Return Order for WooCommerce Plugin Refund Status Update create_refund improper authorization

A vulnerability was found in Flexible Refund and Return Order for WooCommerce Plugin up to 1.0.42 on WordPress and classified as critical. Impacted is the function create_refund of the component Refund Status Update Handler. Such manipulation leads to improper authorization.

This vulnerability is uniquely identified as CVE-2025-12621. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More