Description
Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce embedding-barcodes-into-product-pages-and-orders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Barcode Generator for WooCommerce: from n/a through <= 2.0.4.
Published: 2025-04-15
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Barcode Generator for WooCommerce plugin contains a missing authorization flaw that allows an attacker to delete arbitrary content from product pages and orders. This weakness is classified as CWE‑862, representing a breach of access control that results in data integrity compromise. When exploited, the attacker can remove or tamper with valuable product information, potentially erasing inventory listings or order records, which could damage business operations and trust.

Affected Systems

The vulnerability affects the Barcode Generator for WooCommerce plugin developed by Dmitry V. (CEO of 'UKR Solution'). All versions from the initial release up through version 2.0.4 are vulnerable; there is no fixed version before 2.0.5.

Risk and Exploitability

The CVSS v3.1 score is 7.5, indicating a moderate‑to‑high severity. The EPSS estimate is below 1 %, suggesting that active exploitation is unlikely at present, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attacker would need authenticated access via the plugin’s administrative interface; by exploiting the incorrect access control, the attacker could trigger deletion operations without proper authorization.

Generated by OpenCVE AI on April 30, 2026 at 22:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest version of the Barcode Generator for WooCommerce plugin (≥ 2.0.5) to remove the missing‑authorization flaw.
  • Review all product pages and order data for signs of unauthorized deletions; restore affected content from backups if necessary.
  • Restrict editing permissions for the plugin’s configuration to a minimal set of trusted administrators or disable the plugin if it is not essential.
  • Enable logging and alerts for content deletion actions via the plugin, and monitor activity for suspicious attempts.

Generated by OpenCVE AI on April 30, 2026 at 22:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-10935 Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.4.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.4. Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce embedding-barcodes-into-product-pages-and-orders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Barcode Generator for WooCommerce: from n/a through <= 2.0.4.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Tue, 15 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 15 Apr 2025 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.4.
Title WordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Arbitrary Content Deletion vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:29.287Z

Reserved: 2025-04-14T11:30:45.185Z

Link: CVE-2025-32929

cve-icon Vulnrichment

Updated: 2025-04-15T13:19:05.926Z

cve-icon NVD

Status : Deferred

Published: 2025-04-15T12:15:22.787

Modified: 2026-06-17T09:12:49.683

Link: CVE-2025-32929

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T23:00:04Z

Weaknesses