Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2
Critical0
High1
Medium1
Reset
Showing 1-2 of 2 records
Threat Entry Updated 2025-12-12

CVE-2025-12655 - Hippoo Mobile App For Woocommerce Plugin

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write via a missing authorization check in all versions up to, and including, 1.7.1. This is due to the REST API endpoint `/wp-json/hippoo/v1/wc/token/save_callback/{token_id}` being registered with `permission_callback => '__return_true'`, which allows unauthenticated access. This makes it possible for unauthenticated attackers to write arbitrary JSON content to the server's publicly accessible upload directory via the vulnerable endpoint.

PLUGIN Hippoo Mobile App For Woocommerce

CVE-2025-12655

MEDIUM CVSS 5.3 2025-12-12
Open Full Technical Breakdown
Threat Entry Updated 2025-12-12

CVE-2025-13339 - Hippoo Mobile App For Woocommerce Plugin

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.1 via the template_redirect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

PLUGIN Hippoo Mobile App For Woocommerce

CVE-2025-13339

HIGH CVSS 7.5 2025-12-10
Open Full Technical Breakdown
Scroll to top