The Order Notification for WooCommerce WordPress plugin versions before 3.6.3 contains a critical authentication bypass vulnerability. The plugin overrides WooCommerce's built-in permission checks, allowing unauthenticated users to gain complete read and write access to all store resources. This includes sensitive data such as products, coupons, and customer information. The vulnerability essentially removes all access controls for the WooCommerce store, making it completely accessible to unauthorized users. This represents a severe security flaw that could lead to complete compromise of e-commerce sites using the vulnerable plugin version.