Description
Missing Authorization vulnerability in Dotstore Hide Shipping Method For WooCommerce hide-shipping-method-for-woocommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through <= 1.5.1.
Published: 2025-02-03
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the Dotstore Hide Shipping Method For WooCommerce plugin that allows users without proper privileges to access shipping methods that are meant to be hidden. This can lead to disclosure or tampering of shipping options for customers, potentially undermining the intended business logic. The weakness corresponds to CWE-862.

Affected Systems

Dotstore Hide Shipping Method For WooCommerce plugin for WordPress, versions up to and including 1.5.1 are affected.

Risk and Exploitability

Severity is rated CVSS 4.3, indicating moderate impact. The EPSS score is less than 1%, implying a low probability of exploitation in the near term, and the vulnerability is not listed in the CISA KEV catalog. Attackers would need to exploit the WordPress/WooCommerce environment, likely gaining access through the admin interface or by interacting with the plugin’s exposed endpoints; the exact path is not detailed in the advisory, so we infer it is a web-based vector. Given the mild score and low exploit likelihood, the risk to a system is considered moderate but treatment is still recommended.

Generated by OpenCVE AI on May 1, 2026 at 17:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Hide Shipping Method For WooCommerce to the latest version (>=1.5.2)
  • Remove or disable the plugin if it is not required
  • Review WooCommerce shipping settings to ensure hidden methods are properly configured

Advisories
Source: EUVD
ID: EUVD-2025-2920
Title: Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0.
Values Added: Missing Authorization vulnerability in Dotstore Hide Shipping Method For WooCommerce hide-shipping-method-for-woocommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through <= 1.5.1.
Title
Values Removed: WordPress Hide Shipping Method For WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerability
Values Added: WordPress Hide Shipping Method For WooCommerce plugin <= 1.5.1 - Broken Access Control vulnerability
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss
Values Removed: {'score': 0.00038}
Values Added: {'score': 0.00048}


Mon, 03 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 03 Feb 2025 14:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0.
Title WordPress Hide Shipping Method For WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:04.816Z

Reserved: 2025-01-07T21:03:16.938Z

Link: CVE-2025-22694

Vulnrichment

Updated: 2025-02-03T15:17:50.621Z

NVD

Status: Deferred

Published: 2025-02-03T15:15:19.597

Modified: 2026-06-17T08:49:19.763

Link: CVE-2025-22694

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T17:30:05Z

Weaknesses