Impact
The vulnerability is a missing authorization flaw in Premmerce Wholesale Pricing for WooCommerce. Because the plugin does not correctly enforce access control security levels, an attacker who can send requests to the plugin’s backend can perform privileged actions such as modifying wholesale pricing, adding or changing products, or accessing sensitive data that should be restricted to administrators. The result is unauthorized access to privileged management functionality, potentially compromising the integrity of the store’s pricing and user data.
Affected Systems
The flaw affects the Premmerce Wholesale Pricing for WooCommerce plugin on WordPress sites. All installations running version 1.1.10 or earlier are vulnerable: the issue exists from the earliest version up to and including 1.1.10.
Risk and Exploitability
The CVSS score of 5.4 indicates moderate severity. The EPSS score is less than 1%, indicating that while the vulnerability is known, it is currently considered unlikely to be actively exploited. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote web access: exploitation would likely take place over the web, with an attacker sending crafted HTTP requests to administrative endpoints that lack proper authorization checks. The CVE does not explicitly state the authentication requirements. Based on the description, it is inferred that authentication may not be required, so an attacker who discovers the vulnerable administrative endpoints on a site where the plugin is installed could potentially mount an attack.