Description
Missing Authorization vulnerability in Sharaz Shahid Simple Sticky Add To Cart For WooCommerce sticky-add-to-cart-woo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Sticky Add To Cart For WooCommerce: from n/a through <= 1.4.9.
Published: 2025-04-01
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the Simple Sticky Add To Cart For WooCommerce WordPress plugin. Because the plugin’s access control logic is incorrectly configured, an unauthenticated or improperly authenticated user could manipulate cart actions or trigger privileged functionalities that should be restricted to authorized users. This weakness aligns with CWE-862 – Missing Authorization. The potential impact is the unauthorized modification of cart contents or other privileged e‑commerce actions within a WordPress site.

Affected Systems

WordPress sites that deploy the Simple Sticky Add To Cart For WooCommerce plugin version 1.4.9 or earlier are affected. The vendor listed is Sharaz Shahid. No specific CPE identifiers are provided, but the flaw applies to every installation of the plugin at the indicated or lower versions.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate potential for exploitation, while the EPSS score of less than 1% suggests a very low probability of real‑world exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a local or remote attacker who can reach the WordPress admin interface or who can exploit the plugin’s exposed endpoints without proper authorization checks. Precise exploitation steps are not detailed in the CVE, but the missing authorization check would allow an attacker to perform privileged cart actions that should be restricted.

Generated by OpenCVE AI on May 1, 2026 at 11:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Simple Sticky Add To Cart For WooCommerce plugin to the latest release that eliminates the incorrect authorization logic.
  • If an update is not immediately available, disable or uninstall the plugin until a fixed version can be applied.
  • Ensure that your WordPress installation and WooCommerce plugin are fully patched and that role‑based access controls are correctly configured so that only administrators and authorized users can execute WooCommerce admin functions.

Advisories

Source: EUVD

ID: EUVD-2025-9175

Title: Missing Authorization vulnerability in Sharaz Shahid Simple Sticky Add To Cart For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Sticky Add To Cart For WooCommerce: from n/a through 1.4.5.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Missing Authorization vulnerability in Sharaz Shahid Simple Sticky Add To Cart For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Sticky Add To Cart For WooCommerce: from n/a through 1.4.5.
  Added: Missing Authorization vulnerability in Sharaz Shahid Simple Sticky Add To Cart For WooCommerce sticky-add-to-cart-woo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Sticky Add To Cart For WooCommerce: from n/a through <= 1.4.9.
Title
  Removed: WordPress Simple Sticky Add To Cart For WooCommerce plugin <= 1.4.5 - Broken Access Control vulnerability
  Added: WordPress Simple Sticky Add To Cart For WooCommerce plugin <= 1.4.9 - Broken Access Control vulnerability
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}


Tue, 01 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 01 Apr 2025 15:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Sharaz Shahid Simple Sticky Add To Cart For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Sticky Add To Cart For WooCommerce: from n/a through 1.4.5.
Title WordPress Simple Sticky Add To Cart For WooCommerce plugin <= 1.4.5 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:14.588Z

Reserved: 2025-04-01T13:21:00.365Z

Link: CVE-2025-31854

Vulnrichment

Updated: 2025-04-01T15:43:16.955Z

NVD

Status: Deferred

Published: 2025-04-01T15:16:26.820

Modified: 2026-04-23T15:28:25.497

Link: CVE-2025-31854

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T11:45:16Z

Weaknesses