Impact
The vulnerability in Hermann LAHAMI’s Allada T‑shirt Designer for Woocommerce is a missing authorization flaw (CWE‑862) that allows an attacker to perform actions that should be limited to privileged users, such as editing or deleting designs and potentially altering product listings or configuration data. The flaw does not provide direct code execution, but it can compromise the integrity of an online store’s design assets. Based on the description, exploitation can subvert normal access controls and degrade the security posture of the affected WordPress site.
Affected Systems
WordPress sites that have the Allada T‑shirt Designer for Woocommerce plugin installed in version 1.1 or earlier. The plugin is maintained by Hermann LAHAMI, and any active installation of the vulnerable version is subject to the missing authorization issue.
Risk and Exploitability
The CVSS score of 5.3 rates the issue as moderately serious, and the EPSS score is indicated as less than 1%, suggesting a very low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to access the plugin’s administrative endpoints over the web; the likely attack vector is through exposed plugin URLs that lack proper permission checks, and the flaw alone does not lead to broader system compromise.