Description
Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2.
Published: 2025-01-16
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Missing authorization in Woo Tuner allows attackers to bypass configured access control levels, potentially enabling unauthorized operations. This flaw is classified under CWE-862.

Affected Systems

The vulnerability affects the Woo Tuner plugin by Alex Volkov distributed for WordPress, for all releases up to and including version 0.1.2. Site administrators using this plugin should verify their installed version.

Risk and Exploitability

The CVSS score is 5.4 indicating moderate severity, and the EPSS score is less than 1 %, indicating low exploitation probability at this time. This vulnerability is not listed in the CISA KEV catalog. The likely attack vector, based on the description, is a web-based request to the plugin’s administrative interface. Exploitation would allow an attacker to perform unauthorized actions if any user can access those endpoints.

Generated by OpenCVE AI on May 2, 2026 at 05:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Woo Tuner to the latest available version that includes the access-control fix.
  • If an immediate upgrade is not possible, disable or uninstall Woo Tuner until a patched version is released.
  • Revise user permission settings to minimize capabilities for users that interact with the plugin’s administration pages.

Generated by OpenCVE AI on May 2, 2026 at 05:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-3397 Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2.
History

Tue, 28 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
References

Tue, 28 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Alex Volkov Woo Tuner woo-tuner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Tuner: from n/a through <= 0.1.2. Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2.
References

Thu, 23 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
References

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2. Missing Authorization vulnerability in Alex Volkov Woo Tuner woo-tuner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Tuner: from n/a through <= 0.1.2.
References

Fri, 17 Jan 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 16 Jan 2025 20:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2.
Title WordPress Woo Tuner plugin <= 0.1.2 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:18.991Z

Reserved: 2025-01-16T11:29:46.483Z

Link: CVE-2025-23761

cve-icon Vulnrichment

Updated: 2025-01-17T17:35:07.416Z

cve-icon NVD

Status : Deferred

Published: 2025-01-16T21:15:18.410

Modified: 2026-04-28T19:28:59.157

Link: CVE-2025-23761

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T06:00:13Z

Weaknesses