Impact
The enituretechnology Distance Based Shipping Calculator plugin has a missing authorization vulnerability that lets attackers reach restricted functions and potentially modify shipping calculations or other administrative settings. The flaw is classed as broken access control: unauthenticated or insufficiently privileged users can bypass security checks and exploit incorrectly configured access levels. As a result, an attacker could alter shipping cost data, compromise customer information, or disrupt the e-commerce workflow, any of which can lead to financial loss and reputational damage.
Affected Systems
The WordPress plugin enituretechnology Distance Based Shipping Calculator is affected in all versions from the earliest release through 2.0.22. Any WordPress site that has one of these versions of the plugin installed is affected.
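To check an installation against the affected range above, the following added example (not code from the plugin or from the advisory source) scans a `wp-content/plugins` directory, reads each plugin header, and flags copies at or below 2.0.22. It assumes the plugin's `Plugin Name` header contains the name used in this advisory; the folder names and the 9.9.9 version in the sample tree are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the "Plugin Name" header contains the name used in this advisory.
PLUGIN_NAME = "distance based shipping calculator"
LAST_AFFECTED = (2, 0, 22)  # advisory: every release through 2.0.22
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def read_plugin_header(php_file):
    """Parse the WordPress plugin header comment from the first 8 KiB of a file."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    # Reversed so that the first occurrence of each field wins.
    return {k.lower(): v for k, v in reversed(HEADER_RE.findall(head))}

def parse_version(text):
    """'2.0.22' -> (2, 0, 22); short versions are zero-padded, '-beta' style suffixes dropped."""
    parts = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    return tuple(parts + [0] * (3 - len(parts)))

def find_plugin(plugins_dir):
    """Return (folder, version, status) for each copy of the plugin under plugins_dir."""
    found = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_plugin_header(php_file)
        if PLUGIN_NAME not in header.get("plugin name", "").lower():
            continue
        version = header.get("version", "")
        if not re.search(r"\d", version):
            status = "unknown version"  # no usable Version header: review by hand
        elif parse_version(version) <= LAST_AFFECTED:
            status = "in affected range"
        else:
            status = "outside affected range"
        found.append((php_file.parent.name, version, status))
    return found

def build_sample_tree(root):
    """Constructed plugins directory; folder names and the 9.9.9 version are made up."""
    name = "Distance Based Shipping Calculator"
    samples = {"calc-a": (name, "2.0.22"), "calc-b": (name, "9.9.9"), "other": ("Unrelated", "1.0")}
    for folder, (title, version) in samples.items():
        (Path(root) / folder).mkdir(parents=True)
        (Path(root) / folder / "main.php").write_text(
            f"<?php\n/**\n * Plugin Name: {title}\n * Version: {version}\n */\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in find_plugin(build_sample_tree(tmp)):
            print(*row, sep="\t")
```

On a real site, pass the path of the `wp-content/plugins` directory to `find_plugin` instead of the sample tree.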
Risk and Exploitability
The CVSS score of 5.4 classifies this issue as a moderate-severity vulnerability. The EPSS score of less than 1% indicates that exploitation is currently unlikely, and the issue is not listed in the CISA KEV catalog. Attackers can reach the vulnerability over the web by sending crafted requests to the plugin's endpoints, bypassing the authorization checks that are supposed to restrict access to privileged administrators. Because the flaw manifests only when the plugin's access control settings are misconfigured, an attacker with basic technical knowledge could leverage this weakness to read or write protected data without requiring prior authentication.