Description
Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Account Manager for WooCommerce: from n/a through 2.1.2.
Published: 2026-05-27
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Missing Authorization in Bizswoop Account Manager for WooCommerce allows attackers to access or modify data that should be restricted to privileged users. The flaw is a classic access control weakness, exposing sensitive account information and potentially allowing unauthorized control of user accounts. This flaw could lead to data theft, defacement, or further compromise within the WordPress site.

Affected Systems

The vulnerability impacts the WordPress plugin "Account Manager for WooCommerce" from any version up to and including 2.1.2. The plugin is supplied by Bizswoop and integrated into WooCommerce installations where it manages user accounts and orders.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate severity. EPSS is not available, and the issue is not yet listed in CISA’s KEV, suggesting it has not yet been widely exploited. The likely attack path requires an authenticated user, as the flaw is a missing authorization check; a user with standard privileges could manipulate the plugin’s endpoints to gain elevated permissions. This inference is drawn from the description; no explicit vector is stated.

Generated by OpenCVE AI on May 27, 2026 at 19:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest version of Account Manager for WooCommerce (2.1.3 or newer) to apply the official fix.
  • Reassess user roles and ensure that only properly privileged accounts can access the plugin’s management functions.
  • If the plugin is not essential, consider disabling or uninstalling it to eliminate the vulnerable code paths.


Advisories

No advisories yet.

History

Fri, 29 May 2026 16:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
  • Bizswoop
  • Bizswoop account Manager For Woocommerce
  • Wordpress
  • Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added:
  • Bizswoop
  • Bizswoop account Manager For Woocommerce
  • Wordpress
  • Wordpress wordpress

Wed, 27 May 2026 18:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 27 May 2026 16:30:00 +0000

Type: Description
Values Removed: (none)
Values Added: Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCommerce: from n/a through 2.1.2.

Type: Title
Values Removed: (none)
Values Added: WordPress Account Manager for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-862

Type: References

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-27T17:31:30.495Z

Reserved: 2022-09-27T08:45:02.841Z

Link: CVE-2022-41656

Vulnrichment

Updated: 2026-05-27T17:31:28.179Z

NVD

Status: Deferred

Published: 2026-05-27T17:16:27.567

Modified: 2026-06-17T05:03:34.773

Link: CVE-2022-41656

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T15:50:31Z

Weaknesses