Impact
The Show Variations as Single Products Woocommerce plugin contains a missing authorization flaw that permits attackers to bypass configured access control. This flaw can lead to unauthorized manipulation of product configurations, exposing sensitive business data and potentially allowing further exploitation on the site. The vulnerability maps to CWE-862, indicating a failure to enforce consistent authorization checks.
Affected Systems
This vulnerability affects Theme Funda’s Show Variations as Single Products Woocommerce plugin, versions 2.0 and earlier. WordPress sites that have installed this plugin and have not applied the official patch or upgrade are at risk. No specific WordPress core version is mentioned; the issue is tied solely to the plugin itself.
Risk and Exploitability
With a CVSS score of 5.3, the vulnerability is of moderate severity. The EPSS score of less than 1% indicates a very low probability of active exploitation today, and the vulnerability is not currently listed in the CISA KEV catalog. Based on the description, attackers could exploit it by accessing URLs or administrative pages that lack proper authorization checks; the likely vector is a web-based attack using legitimate WordPress credentials or cross-site requests with elevated privileges. Organizations should not ignore this flaw, as it can be leveraged to alter product listings and access undisclosed site data once a user has authenticated with sufficient privileges.