Description
Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet – Product Sync with Google Sheet for WooCommerce: from n/a through <= 1.1.3.
Published: 2026-02-20
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises from missing authorization checks in the Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce plugin. An attacker with access to the affected WordPress site can craft requests to privileged plugin endpoints and modify or inject product data that is synchronized to Google Sheets. The flaw, identified as CWE-862, would allow malicious actors to alter product listings, potentially leading to inventory inaccuracies, revenue loss, or disclosure of sensitive information to unintended recipients.

Affected Systems

Any WordPress installation running the Sync Master Sheet plugin version 1.1.3 or earlier is affected. This includes sites that have configured the plugin to interact with external Google Sheets for product synchronization.

Risk and Exploitability

The CVSS score of 7.5 and an EPSS score of less than 1% indicate a high severity but a currently low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Likely attack vectors involve authenticated WordPress users who inadvertently gain elevated privileges or attackers who can send crafted HTTP requests to the plugin’s API endpoints. Once exploited, the attacker can read, modify, or delete product data that is reflected in the linked Google Sheets.

Generated by OpenCVE AI on April 29, 2026 at 17:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest patched version of the Sync Master Sheet plugin (any version newer than 1.1.3 if available).
  • Restrict access to the plugin’s administrative pages to administrators only, ensuring that only authorized users can configure Google Sheet synchronization.
  • Deploy a web application firewall rule that blocks or monitors requests to the plugin’s exposed API endpoints (e.g., /wp-json/product-sync-master-sheet/*) to prevent unauthorized exploitation.

Generated by OpenCVE AI on April 29, 2026 at 17:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Saiful Islam Sync Master Sheet &#8211; Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet &#8211; Product Sync with Google Sheet for WooCommerce: from n/a through <= 1.1.3. Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet – Product Sync with Google Sheet for WooCommerce: from n/a through <= 1.1.3.

Fri, 24 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Saiful Islam
Saiful Islam sync Master Sheet &#8211; Product Sync With Google Sheet For Woocommerce
Wordpress
Wordpress wordpress
Vendors & Products Saiful Islam
Saiful Islam sync Master Sheet &#8211; Product Sync With Google Sheet For Woocommerce
Wordpress
Wordpress wordpress

Fri, 20 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Saiful Islam Sync Master Sheet &#8211; Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet &#8211; Product Sync with Google Sheet for WooCommerce: from n/a through <= 1.1.3.
Title WordPress Sync Master Sheet – Product Sync with Google Sheet for WooCommerce plugin <= 1.1.3 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Saiful Islam Sync Master Sheet &#8211; Product Sync With Google Sheet For Woocommerce
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:31.350Z

Reserved: 2025-12-24T13:59:58.565Z

Link: CVE-2025-68834

cve-icon Vulnrichment

Updated: 2026-02-24T21:24:28.620Z

cve-icon NVD

Status : Deferred

Published: 2026-02-20T16:22:12.440

Modified: 2026-04-28T19:36:00.133

Link: CVE-2025-68834

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T17:30:16Z

Weaknesses