Description
Missing Authorization vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce nota-fiscal-eletronica-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through <= 3.4.0.9.
Published: 2025-09-26
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw that allows an attacker to access sensitive functions of the Nota Fiscal Eletrônica WooCommerce plugin. Incorrectly configured access control security levels let users perform operations that should be restricted to privileged administrators. The weakness aligns with CWE-862, an access control error, and can potentially enable unauthorized data disclosure or manipulation of electronic fiscal documents.

Affected Systems

Affected users are those running the webmaniabr Nota Fiscal Eletrônica WooCommerce plugin at versions from the earliest available release up to and including 3.4.0.9, regardless of the operating environment. The issue is confined to the WordPress plugin and does not affect the core WordPress installation or other WordPress plugins.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity, while the EPSS score of less than 1% suggests that exploitation is unlikely in the immediate term. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the most probable attack vector requires authenticated access to the plugin’s functions; the recorded CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) is consistent with this, rating the issue as reachable over the network by a low-privileged account without user interaction. No public exploit is documented, so the risk is currently limited to environments that have the vulnerable plugin version deployed and exposed.

Generated by OpenCVE AI on April 29, 2026 at 23:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Nota Fiscal Eletrônica WooCommerce plugin to a version newer than 3.4.0.9, where the access control issue is fixed.
  • Ensure that access to the plugin’s administrative pages is limited to authorized WordPress administrators by enabling role‑based access control and blocking all unauthorized HTTP requests to those routes.
  • If the plugin is not essential for business operations, disable or remove it entirely from the site.


Advisories
Source: EUVD
ID: EUVD-2025-31246
Title: Missing Authorization vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through 3.4.0.6.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Missing Authorization vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through 3.4.0.6.
  Added: Missing Authorization vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce nota-fiscal-eletronica-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through <= 3.4.0.9.
Title
  Removed: WordPress Nota Fiscal Eletrônica WooCommerce Plugin <= 3.4.0.6 - Broken Access Control Vulnerability
  Added: WordPress Nota Fiscal Eletrônica WooCommerce plugin <= 3.4.0.9 - Broken Access Control vulnerability
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Mon, 29 Sep 2025 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Webmaniabr
Webmaniabr nota Fiscal Eletronica
Woocommerce
Woocommerce woocommerce
Wordpress
Wordpress wordpress
Vendors & Products Webmaniabr
Webmaniabr nota Fiscal Eletronica
Woocommerce
Woocommerce woocommerce
Wordpress
Wordpress wordpress

Fri, 26 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Sep 2025 08:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through 3.4.0.6.
Title WordPress Nota Fiscal Eletrônica WooCommerce Plugin <= 3.4.0.6 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:56.181Z

Reserved: 2025-09-25T15:28:09.601Z

Link: CVE-2025-60159

Vulnrichment

Updated: 2025-09-26T13:31:25.519Z

NVD

Status: Deferred

Published: 2025-09-26T09:15:45.137

Modified: 2026-04-23T15:34:19.823

Link: CVE-2025-60159

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T00:00:14Z

Weaknesses