Description
Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3.
Published: 2025-08-14
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw that permits invocation of functions that should be gated by access control lists. This can enable attackers to execute privileged operations within the plugin, undermining confidentiality and integrity.

Affected Systems

Unity Business Technology Pty Ltd's The E‑Commerce ERP (profitori) WordPress plugin. All releases from the earliest available up through version 2.1.1.3 are affected. No specific sub‑version granularity is provided.

Risk and Exploitability

The CVSS score of 7.3 indicates a high risk, while the EPSS score of less than 1% suggests a very low probability of exploitation currently. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation would involve accessing plugin endpoints without proper authorization checks, but the exact requirements for successful exploitation are not detailed.

Generated by OpenCVE AI on May 1, 2026 at 06:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade The E‑Commerce ERP plugin to version 2.1.1.4 or later when available.
  • Verify and enforce plugin access‑control settings so that privileged functions are only available to authorized roles.
  • Monitor plugin access logs for anomalous activity and investigate suspicious attempts promptly.

Generated by OpenCVE AI on May 1, 2026 at 06:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-24793 Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects The E-Commerce ERP: from n/a through 2.1.1.3.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects The E-Commerce ERP: from n/a through 2.1.1.3. Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3.
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Thu, 14 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 14 Aug 2025 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Thu, 14 Aug 2025 10:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects The E-Commerce ERP: from n/a through 2.1.1.3.
Title WordPress The E-Commerce ERP <= 2.1.1.3 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:19.018Z

Reserved: 2025-06-19T10:03:28.881Z

Link: CVE-2025-52800

cve-icon Vulnrichment

Updated: 2025-08-14T13:34:11.239Z

cve-icon NVD

Status : Deferred

Published: 2025-08-14T11:15:43.837

Modified: 2026-04-23T15:32:11.867

Link: CVE-2025-52800

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T07:00:06Z

Weaknesses