Description
Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments woo-ups-pickup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OPSI Israel Domestic Shipments: from n/a through <= 2.8.2.
Published: 2025-02-14
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing authorization check in the ashamil OPSI Israel Domestic Shipments plugin (woo-ups-pickup) allows attackers to exploit incorrectly configured access control security levels. The flaw is a classic unauthorized access weakness identified as CWE-862, enabling malicious actors to perform actions beyond what their permissions should allow.

Affected Systems

The vulnerability impacts the WordPress OPSI Israel Domestic Shipments plugin from an unspecified initial version through version 2.8.2. Users who have installed any release in that range on a WordPress site are potentially exposed.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation. The issue is not listed in CISA’s KEV catalog. Based on the description, it is inferred that the vulnerability can be triggered remotely via the plugin’s web interface and that it does not require prior authentication to reach privileged functionality.

Generated by OpenCVE AI on May 2, 2026 at 04:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the OPSI Israel Domestic Shipments plugin to version 2.8.3 or later, which includes the missing authorization fix.
  • If an update cannot be performed immediately, restrict access to the plugin’s administrative URLs using a web‑application firewall or server‑level controls (e.g., .htaccess, Nginx allow/deny rules) to prevent unauthenticated users from reaching sensitive endpoints.
  • Implement or enforce proper server‑side role checks and authentication on all privileged actions exposed by the plugin, ensuring that only authorized users can execute them.


Advisories
Source ID Title
EUVD EUVD-2025-3400 Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OPSI Israel Domestic Shipments: from n/a through 2.6.6.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OPSI Israel Domestic Shipments: from n/a through 2.6.6.
  Added: Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments woo-ups-pickup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OPSI Israel Domestic Shipments: from n/a through <= 2.8.2.
Title
  Removed: WordPress OPSI Israel Domestic Shipments plugin <= 2.6.6 - Broken Access Control vulnerability
  Added: WordPress OPSI Israel Domestic Shipments plugin <= 2.8.2 - Broken Access Control vulnerability
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}


Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics
  Removed: epss {'score': 0.00059}
  Added: epss {'score': 0.00066}


Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics
  Removed: epss {'score': 0.00081}
  Added: epss {'score': 0.00059}


Fri, 14 Feb 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 14 Feb 2025 13:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OPSI Israel Domestic Shipments: from n/a through 2.6.6.
Title WordPress OPSI Israel Domestic Shipments plugin <= 2.6.6 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-11T23:38:05.375Z

Reserved: 2025-01-16T11:29:57.541Z

Link: CVE-2025-23766

Vulnrichment

Updated: 2025-02-14T14:47:04.994Z

NVD

Status: Deferred

Published: 2025-02-14T13:15:46.583

Modified: 2026-04-23T15:24:27.387

Link: CVE-2025-23766

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T04:45:34Z

Weaknesses