Description
Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce linked-variation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Linked Variations for Woocommerce: from n/a through <= 1.0.3.
Published: 2025-04-22
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce allows attackers to bypass access controls and use the plugin’s functionality without the proper permissions. This flaw is classified as CWE‑862, meaning that the application fails to enforce sufficient authorization checks. An attacker who exploits this weakness could perform actions that should be restricted to privileged users, such as modifying, deleting, or creating product variations that could affect inventory, pricing, and customer experience.

Affected Systems

The vulnerability affects the WordPress plugin Advanced Linked Variations for Woocommerce released by Dotstore, in all versions up to and including 1.0.3. Users running these versions on any WordPress installation may be impacted.

Risk and Exploitability

The CVSS score of 5.3 indicates a medium level of severity. The EPSS score of less than 1% suggests that, while exploitation is possible, the current likelihood of attack is low. The vulnerability is not listed in CISA’s KEV catalog, meaning no publicly disclosed exploits are known. Based on the description, it is inferred that the threat would likely arise from remote submission of the plugin’s configuration or management interfaces, allowing unauthenticated or low‑privilege users to manipulate product data.

Generated by OpenCVE AI on May 1, 2026 at 09:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest plugin update released by Dotstore that removes the missing authorization check.
  • If the update is not yet available, restrict access to the plugin’s settings and functionality to administrative roles only, and remove any unnecessary user capabilities that may interact with the plugin.
  • If role restrictions cannot be enforced, temporarily deactivate the plugin until a secure version is installed.

Generated by OpenCVE AI on May 1, 2026 at 09:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-12312 Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Linked Variations for Woocommerce: from n/a through 1.0.3.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Linked Variations for Woocommerce: from n/a through 1.0.3. Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce linked-variation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Linked Variations for Woocommerce: from n/a through <= 1.0.3.
Title WordPress Advanced Linked Variations for Woocommerce <= 1.0.3 - Broken Access Control Vulnerability WordPress Advanced Linked Variations for Woocommerce plugin <= 1.0.3 - Broken Access Control Vulnerability
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

 cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 29 Apr 2025 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Multidots
Multidots advanced Linked Variations For Woocommerce
CPEs cpe:2.3:a:multidots:advanced_linked_variations_for_woocommerce:*:*:*:*:*:wordpress:*:*
Vendors & Products Multidots
Multidots advanced Linked Variations For Woocommerce

Tue, 22 Apr 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 22 Apr 2025 10:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Linked Variations for Woocommerce: from n/a through 1.0.3.
Title WordPress Advanced Linked Variations for Woocommerce <= 1.0.3 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Multidots Advanced Linked Variations For Woocommerce
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:37.089Z

Reserved: 2025-04-22T09:21:32.319Z

Link: CVE-2025-46244

cve-icon Vulnrichment

Updated: 2025-04-22T16:33:40.856Z

cve-icon NVD

Status : Modified

Published: 2025-04-22T10:15:18.560

Modified: 2026-04-23T15:29:56.560

Link: CVE-2025-46244

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T09:30:14Z

Weaknesses