Description
Missing Authorization vulnerability in Web Ready Now WR Price List Manager For Woocommerce wr-price-list-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WR Price List Manager For Woocommerce: from n/a through <= 1.0.8.
Published: 2025-04-03
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw that allows an attacker to delete arbitrary content within the WordPress site. This weakness maps to CWE-862 (Missing Authorization). It originates from incorrectly configured access control levels for the WR Price List Manager For Woocommerce plugin. Because an attacker can remove data, the primary impact is loss of content and potential disruption of site functionality.

Affected Systems

The affected vendor is Web Ready Now and the product is the WR Price List Manager For Woocommerce plugin. Versions up to and including 1.0.8 are impacted, as indicated by the vulnerability range "from n/a through <= 1.0.8".

Risk and Exploitability

The CVSS score of 5.4 indicates medium severity, mainly threatening availability. The EPSS score of less than 1% suggests a low likelihood of exploitation in the near term. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that the attack vector is remote through the plugin’s administrative interface; however, the CVE does not explicitly state the authentication level required, so the exact privilege needed to exploit remains unspecified.

Generated by OpenCVE AI on May 2, 2026 at 02:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WR Price List Manager For Woocommerce plugin to a version newer than 1.0.8
  • Limit access to the plugin’s administrative functions by ensuring only administrator roles can use its delete features
  • If the plugin is not essential, disable or uninstall it to eliminate the risk

Generated by OpenCVE AI on May 2, 2026 at 02:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-14739 Missing Authorization vulnerability in Web Ready Now WR Price List Manager For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WR Price List Manager For Woocommerce: from n/a through 1.0.8.
History

Fri, 24 Apr 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Web Ready Now WR Price List Manager For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WR Price List Manager For Woocommerce: from n/a through 1.0.8. Missing Authorization vulnerability in Web Ready Now WR Price List Manager For Woocommerce wr-price-list-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WR Price List Manager For Woocommerce: from n/a through <= 1.0.8.
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Thu, 03 Apr 2025 13:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Web Ready Now WR Price List Manager For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WR Price List Manager For Woocommerce: from n/a through 1.0.8.
Title WordPress WR Price List Manager For Woocommerce plugin <= 1.0.8 - Arbitrary Content Deletion vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:12.859Z

Reserved: 2025-04-01T13:20:05.024Z

Link: CVE-2025-31794

cve-icon Vulnrichment

Updated: 2025-04-03T14:58:30.749Z

cve-icon NVD

Status : Deferred

Published: 2025-04-03T14:15:39.610

Modified: 2026-04-23T15:28:18.490

Link: CVE-2025-31794

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T02:45:32Z

Weaknesses