Description
Missing Authorization vulnerability in cecabank Cecabank WooCommerce Plugin cecabank-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cecabank WooCommerce Plugin: from n/a through <= 0.3.4.
Published: 2025-09-22
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing authorization flaw in the Cecabank WooCommerce plugin permits users to invoke privileged functions without proper role checks. The incorrect access control configuration enables an attacker to perform actions that should be restricted, potentially leading to unauthorized data changes or exposure. The weakness is classified as Missing Authorization (CWE‑862).

Affected Systems

WordPress installations running the Cecabank WooCommerce Plugin version 0.3.4 or earlier are affected. Any site that has this plugin installed at or below that version faces the risk described.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while an EPSS score below 1% indicates a low probability of exploitation at the time of analysis. The vulnerability is not listed in CISA KEV. No off‑the‑shelf exploit code is known, but an attacker could craft HTTP requests to the plugin’s endpoints to bypass authorization checks, assuming the plugin is publicly accessible.

Generated by OpenCVE AI on April 30, 2026 at 01:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Cecabank WooCommerce Plugin to the latest version that addresses missing authorization
  • If an upgrade is not immediately possible, uninstall or disable the plugin from the WordPress installation
  • Configure WordPress to enforce strict role permissions on plugin admin pages and audit access logs for unexpected activity

Advisories
Source: EUVD
ID: EUVD-2025-30492
Title: Missing Authorization vulnerability in cecabank Cecabank WooCommerce Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cecabank WooCommerce Plugin: from n/a through 0.3.4.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Missing Authorization vulnerability in cecabank Cecabank WooCommerce Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cecabank WooCommerce Plugin: from n/a through 0.3.4.
  Added: Missing Authorization vulnerability in cecabank Cecabank WooCommerce Plugin cecabank-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cecabank WooCommerce Plugin: from n/a through <= 0.3.4.
Title
  Removed: WordPress Cecabank WooCommerce Plugin Plugin <= 0.3.4 - Broken Access Control Vulnerability
  Added: WordPress Cecabank WooCommerce plugin plugin <= 0.3.4 - Broken Access Control vulnerability
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


Tue, 23 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Cecabank
Cecabank woocommerce Plugin
Woocommerce
Woocommerce woocommerce
Wordpress
Wordpress wordpress
Vendors & Products Cecabank
Cecabank woocommerce Plugin
Woocommerce
Woocommerce woocommerce
Wordpress
Wordpress wordpress

Tue, 23 Sep 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 22 Sep 2025 18:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in cecabank Cecabank WooCommerce Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cecabank WooCommerce Plugin: from n/a through 0.3.4.
Title WordPress Cecabank WooCommerce Plugin Plugin <= 0.3.4 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-13T00:23:52.157Z

Reserved: 2025-09-03T09:03:53.070Z

Link: CVE-2025-58685

Vulnrichment

Updated: 2025-09-23T13:57:51.812Z

NVD

Status: Deferred

Published: 2025-09-22T19:16:20.193

Modified: 2026-04-23T15:33:35.620

Link: CVE-2025-58685

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T02:00:13Z

Weaknesses