VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 2 known issues Latest disclosed Feb 17, 2026

Order Splitter for WooCommerce Vulnerabilities

Review known vulnerability records for the WordPress plugin Order Splitter for WooCommerce (`woo-order-splitter`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-12075 and CVE-2025-31089, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
2
High or Critical
0
Patch Coverage
100%
Last Updated
Feb 18, 2026
Priority CVE Quick Links

Fast paths into Order Splitter for WooCommerce CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
2
CVE-2025-31089 Medium 5.3.1
CVE-2025-31089 Order Splitter for WooCommerce SQL Injection

Order Splitter for WooCommerce <= 5.3.0 - Authenticated (Subscriber+) SQL Injection

CVE-2025-12075 Medium 5.3.6
CVE-2025-12075 Order Splitter for WooCommerce Vulnerability

Order Splitter for WooCommerce <= 5.3.5 - Missing Authorization to Authenticated (Subscriber+) Order Information Exposure

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Order Splitter for WooCommerce so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
2 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2025-12075 and CVE-2025-31089
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Order Splitter for WooCommerce

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-12075
CVE-2025-12075: Order Splitter for WooCommerce <= 5.3.5 - Missing Authorization to Authenticated (Subscriber+) Order Information Exposure

The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wos_troubleshooting' AJAX endpoint in all versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with...

Published
Feb 17, 2026
Patched Release
5.3.6
Affected Versions
Versions up to 5.3.5
Next Step
Update to 5.3.6 or newer if supported.
Open CVE-2025-12075 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-31089
CVE-2025-31089: Order Splitter for WooCommerce <= 5.3.0 - Authenticated (Subscriber+) SQL Injection

The Order Splitter for WooCommerce plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for auth...

Published
Apr 01, 2025
Patched Release
5.3.1
Affected Versions
Versions up to 5.3.0
Next Step
Update to 5.3.1 or newer if supported.
Open CVE-2025-31089 Report Open CVE Reference